The Investigation
October 31, 2019. Halloween. I was dressed as an SEC enforcement officer.
My lawyer Andrew Escobar at DLA Piper calls with the best news of my life: "The SEC is closing the investigation. No enforcement action. And Mason — they want you to know they were complimentary of you and were thankful for our cooperation, stressing that it was a key factor in helping them efficiently come to the conclusion they did."
Two years. The investigation had been open for two years. Two years of submitting our contracts and financials, deposition training, SEC interviews, and the dread of not knowing if you were going to be fined hundreds of millions of dollars or go to jail. Two years of building a company while not knowing if that company would survive.
"They were complimentary." And I love compliments.
I celebrated like I just won the most intense Mario Kart match of my life. "YES! YES!! YESS!!! I AM INVINCIBLE!". I promised Andrew I'd fly to Seattle and take them out for beers.
It was proof that every bit of concern, every dollar spent on our high-end, fancy office lawyers at DLA Piper was absolutely worth it.
Why They Came
In 2017, Tokensoft was arguably the only company helping founders issue tokens legally in the United States. Most of the industry was making it up as they went — no legal framework, no securities counsel, no compliance infrastructure. One company made up something called the SAFT, which today is only widely popular in Singapore for some reason. It was rumored that the word SAFT would make SEC staff members turn red with rage, hence its quick departure from US soil, Singapore never got the memo.
We operated differently from day one.
Before we launched, we worked with former SEC attorney Andrew Ledbetter at DLA Piper. He went through every screen and word on our website. Every clause in our
contracts. Every detail of how we described our services, how we charged for them, and how we positioned ourselves relative to our clients' offerings. We knew the securities regulations down to the letter of the law. We knew exactly what to say, what not to say. We knew the grey areas — and we had these addressed in our template master services agreement.
The SEC's position, which the industry long resisted was that all tokens had to comply with securities laws under the Securities Act of 1933.
We knew it. That was the reason Tokensoft existed.
What we didn't know was whether doing everything right from the start was enough to keep us out of the crosshairs. Welcome to the Wild West.
The legal question wasn't whether our clients' tokens were securities. They all had to be treated as such, that was the point. We were helping people issue securities legally, while complying with the Bank Secrecy Act and applicable securities regulations.
The question was whether we as a platform were doing enough to not engage in broker dealer activity.
The Hallmarks
At the time most founders were guided to take the risk. They were told it’s part of being a founder, you launch a token, raise funds and the regulatory uncertainty is part of the game. However it was a lot more complicated than that.
A broker-dealer is a person or firm that buys and sells securities on behalf of clients, or facilitates those transactions for compensation. To operate as one, you need to register with FINRA and potentially file with the SEC separately. If you don't register and you're engaging in broker dealer activity, you've committed a federal crime.
The hallmarks of broker-dealer activity are very simple:
Taking a percentage of a transaction— If your compensation scales with
how much money gets raised, you're almost certainly a broker-dealer.
In an SEC investigation, the SEC will review all of your revenue accrued from a client as a percentage of their raise, doesn’t matter what it’s called. The correlation is enough.
Promoting securities — Telling people to buy in public marketing or communications. Recommending investments. Putting out YouTube videos on why this token is a good deal. All of it counts.
Soliciting investors — Finding buyers. Making introductions. Bringing capital to the table. Marketing investments in a mailing list? It counts.
Tokensoft did none of these things. By design.
We charged a flat fee. We did not take a percentage of the raise. We did not tell anyone to buy our clients' tokens. We built software that helped issuers run compliant offerings, and we charged for the software. Period.
This wasn't accidental. It was the entire architecture of how we built the company. Informed by DLA Piper, with former SEC staff, from day one. Every business decision ran through the same filter: does it look like it could be broker dealer activity?
When the SEC investigated us, what they found was a software company that had studied the securities laws more closely than they had. The cooperation which involved full document production and full transparency confirmed what the documents showed.
The Tezos Lesson
While our own investigation was running, we were watching what happened to founders who hadn't thought any of this through.
In July 2017, the Tezos Foundation raised $232 million in Bitcoin and Ethereum — at the time the largest token fundraise in history. It was a landmark moment and at the same time walking into a hostile regulatory environment.
The founders, Arthur and Kathleen Breitman, almost immediately fell into a public feud with the Swiss foundation president, Johann Gevers, over control of the funds. The legal structures were tangled across Swiss foundation law, a Delaware entity, and a token that had characteristics of a security but was not treated as such, in the US. Class action lawsuits followed. The funds sat frozen while lawyers argued over who controlled what.
By May 2018 the Tezos Foundation was in remediation mode. Their team, operating across France and Switzerland, racing against deadlines, needed to retrofit the compliance infrastructure that should have existed before the raise, not after it.
We helped clean it up. We provided a compliance gate that processed all investors through applicable compliance requirements. PwC came in to audit the compliance process we ran for their 34,000 investors.
The Tezos Foundation ultimately survived and went on to sponsor F-1 races. The lawsuits settled. But the lesson is stark: $232 million raised, and they spent the next two years in legal and regulatory cleanup that cost tens of millions more.
The founders who called us before the problems started had an easier time. Over a hundred tokens launched, a million investors processed and no SEC enforcement actions.
44 Montgomery
People ask me why I moved Tokensoft into 44 Montgomery Street in San
Francisco's Financial District.
The SEC's San Francisco field office was on floor 28. We took floor 38.
Here's the honest reason: I couldn't figure out why they weren't investigating us and wanted to know if I was doing anything wrong.
By 2018, the SEC had opened investigations into virtually every company operating in our space. Securitize and Coinlist, both competitors were getting subpoenas. The issuers that had run token sales without proper exemptions, the advisors, the service providers were all getting love letters from the SEC. And we weren't.
I didn't know if that meant we were doing everything right, or if it meant we just hadn't been noticed yet.
So I decided to find out. I moved into the building. We were introduced to the SEC by a compliance provider in the space. I used this introduction to build a relationship with the staff, called the “DLT Research Group” at the time. I genuinely wanted to know if I was doing something wrong. The best way to know is to understand how they think. If I had a picture of how the SEC thought, I could better execute on my business. If I’m the one informing them about the technology risks in the space, I can also provide the technology that addresses these risks.
Proximity became the advantage. When the Crypto Czar flew in from Washington and needed a technical demo within the hour at 7AM. I was able to bring my staff in and deliver.
We weren't just issuing tokens. We were educating a federal agency about the underlying technology. The SEC's staff were smart, thorough, and genuinely trying to understand how a public blockchain could host a regulated investment product. We were in a position to explain it — and we did. Regularly. Informational meetings. Comment responses. Technical walkthroughs of how the existing regulations could be mapped onto the blockchain.
At one point we organized a technical presentation for a large group at the SEC. Our CTO was leading the session — walking through the mechanics of how ERC-1404's transfer restrictions worked at the blockchain level, how a non-compliant transaction gets rejected before it ever completes.
At the opening through the presentation, enforcement divison dialed in.
There was a brief pause. Our CTO and Co-Founder was escorted out of the room.
He waited in the hallway.
A few minutes later, he was brought back in and the presentation continued.
The irony of trying to educate a majority of the SEC while under active SEC investigation. The enforcement division joining a technical briefing being led by the subject of that investigation created a hilarious juxtaposition.
We were lucky. We were lucky to be able to help.
It was surreal. It was also a preview of how the whole thing resolved.
The agency was not looking for a reason to destroy us. They were trying to understand something genuinely new. We were making it easier for them to understand it. That mattered.
The Letter
October 31, 2019. Andrew Escobar on the phone.
"During my call with the staff, they were very complimentary of you and were thankful for our cooperation, stressing that it was a key factor in helping them efficiently come to the conclusion they did."
Here's what I took from two years under federal investigation:
You’re probably going to be ok — If you always try to do the right thing, you’ll be ok. At the end of the day, the folks that were reasonably buttoned up landed with fines that were a tiny fraction of their raises. There’s a spectrum of risk and we were on the lowest end. It’s important for a founder to know their risk profile at every stage of the journey.
Start conservative — It’s easier to tone down the compliance as your risk profile becomes more clear. If you’re going to remediate, you need to have a lot of cash like Tezos did. Remediation happens everyday with banks, so it’s certainly a path.
Know the landscape — "Those who do not know the conditions of mountains and forests, hazardous defiles, marshes and swamps, cannot conduct the march of an army" - Sun Tzu
Love thy neighbor — We helped the SEC understand the technology. These interactions helped us understand what they needed to approve it. This is the only way to build a mutual understanding in a noisy environment and it worked.
The investigation closed. We kept building.