Please enter CoinGecko Free Api Key to get this plugin works.

Considerations Before Launching an ICO: Compliance in Relation to AML, KYC, the SEC & FINRA

Blockchain attorney Dr. Nick Oberheiden

Attorney Nick Oberheiden
ICO Compliance Team Lead
Blockchain attorney Alina Veneziano

Attorney Alina Veneziano
ICO Compliance Team Lead

Introduction: ICO Compliance

An ICO (Initial Coin Offering) is simply an IPO for cryptocurrencies. Like IPOs, ICO have complex compliance obligations. They also need to meet strict reporting and recordkeeping requirements. What’s more, ICOs must be continuously monitored.

ICO compliance involves implementing robust compliance policies containing clear KYC (Know Your Customer) and AML (anti-money laundering) procedures. What’s more, compliance is an ongoing process, and many companies that have launched ICOs already are finding themselves subjected to new regulations.

Role of Federal Agencies Like the SEC, CFTC, FINRA, DOJ, FinCEN, and FBI in ICO Compliance

The SEC (Securities Exchange Commission), FINRA (Financial Industry Regulatory Authority), CFTC, and FinCEN are eager to investigate companies and persons seeking to raise capital via ICOs (Initial Coin Offerings).

If investigations reveal suspected criminal activity, agencies like the FBI and DOJ are involved in prosecuting resulting crimes. FINRA and the SEC are the most active federal agencies in assessing recent ICOs. The agencies don’t waste time forwarding cases to the FBI, DOJ, and other federal agencies for criminal prosecution.

The importance of hiring a lawyer with experience dealing with crypto ICOs and federal agency investigations involved in ICOs can’t be overlooked.

ICO Functions, Compliance & Regulatory Matters

ICOs are launched to raise funds for cryptocurrency projects. They are start-up tools for immediate fundraising. In an ICO, a token/coin is created. Individuals interested in taking part in the ICO buy the token or coin, expecting the ICO will be a success and the coin/token will increase in value.

As mentioned, ICOs create compliance issues. Besides meeting licensing and KYC/AML laws, ICOs also need to meet BSA (Bank Secrecy Act) guidelines. There’s also a question of how far ICOs should be regulated. The SEC is responsible for enforcing multiple federal regulations and has to decide when, how, and the extent to which ICOs should face regulations.

However, we know that the SEC has been on record stating that ICO are treated like securities offerings in many instances, which makes them subject to registration obligations as per federal securities laws.

“As ICOs generate more capital, entities and individuals behind them are finding themselves subjected to many laws spanning different industry sectors like financial services, property investment, and banking. Federal agencies have also intensified investigations and prosecutions on matters relating to ICOs. These agencies are relying on already-existing statutes to pursue entities and individuals behind ICOs. The consequences of commodities and securities fraud – i.e., a 25-year jail term – and how inconsequential cases of non-compliance can attract federal agency attention and result in criminal charges highlight the importance of retaining legal counsel to guide ICO compliance issues." – Dr. Nick Oberheiden (Founding Attorney, Blockchain Lawyer)

What Do KYC/AML Laws Say About ICOs?

KYC/AML laws under the Patriot and Bank Secrecy Acts are aimed at protecting financial institutions like banks from being enablers of financial crimes like money laundering. The acts have various requirements.

For instance, the BSA (or Bank Secrecy Act) has certain requirements that financial institutions (including banks) should follow in regards to reporting client transactions and activities. The BSA requires internal controls to be established and tested as part of compliance requirements.

The Patriot Act makes it mandatory for financial institutions (including banks) to be proactive on verification and compliance requirements. For instance, financial institutions must collect SSNs, customer ID information, and tax information, as well as verify this information.

They also need to keep accurate and extensive records, follow notification procedures if they suspect activities, have stringent collection policies in place, and more. These requirements must be met in regard to ICOs since the SEC treats them as security offerings.

The SEC and FINRA on ICOs

The SEC is constantly following ICOs since it views ICOs as “securities." Individuals and entities behind ICOs must meet federal securities regulations enforced by the SEC. First and foremost, every ICO must be registered, provided it is being offered to the general public. Registration must be done with the SEC unless there is an applicable exemption.

ICOs that aren’t registered can face liability if they aren’t exempt as per Regulation D or other common SEC registration exemptions. Exemptions state the obligations and limitations of accredited investors. They enable start-up investors to raise capital through public offerings without worrying about financial implications of registering the offering. This applies to typical offers and ICOs involving tokens/coins.

The SEC’s challenge has been verifying if investors in question are accredited since most ICOs are pseudonymous (launched without revealing the names of persons behind them).

FINRA is a committed private self-regulatory organization that regulates broker-dealers, brokerage firms, and markets. The regulator cautions investors on “suspect" ICOs. The alerts inform investors of uncertainties surrounding individual ICOs – i.e., verification challenges, market manipulation, risk of fraud, volatility, etc.

What Should You Do Before Launching an ICO?

ICOs should be launched after considering the following:

The Token/Coin to be Offered Can Qualify as a Security

As mentioned above, the SEC considers ICO to be securities offerings. While there may be exceptions, it’s highly likely that your token/coin on offer will qualify as a security and be subject to federal securities laws. If that’s the case, the SEC must register the offer.

A License May Be Required

Whether the token/coin qualifies as a security, the issuing firm may need to be registered or licensed. In addition, investment professionals, advisers, or firms behind the offer may require additional registration/licensing.

The SEC Doesn’t Register or Regulate Online Trading Platforms & Exchanges

Online trading platforms that may be referred to as exchanges aren’t registered or regulated by the SEC.

ICOs Should Be Backed by a Detailed Business Plan

Before launching an ICO, make sure you have a business plan in place detailing what you intend to do with investor’s money. The business plan should also include investor’s rights, how investors can claim their money, resale possibilities, and more.

Fraud, Hacking, and Theft Risks Linked to the ICO Must Be Assessed

The persons or entities behind an ICO have the responsibility of assessing the risks that affect the ICO. Since tokens/coins in ICOs are virtual currencies, fraud, hacking, and malware attacks are probable risks that must be assessed and handled. Since ICOs introduce many risks to investors, it’s important to offer investors some guarantees.

ICOs Should Be Unique

While it is possible to copy an existing ICO, entities behind ICOs have the responsibility to make their offering differentiable from existing tokens/coins. Since there are thousands of ICOs being launched weekly, persons or institutions behind offerings should give investors a unique reason to invest.

Developmental and Tech Issues Should Also be Dealt With

ICOs run on blockchain tech, which is prone to unique problems from creation to blockchain forks, strong coding processes, miner collaboration, etc. These issues must be assessed and dealt with.

ICO Compliance Is a Continuous Process

It’s also recommendable to treat compliance as an ongoing process with updates and improvements. While there are mandatory requirements for launching an ICO, regulations are still evolving and this doesn’t stop ICOs from being launched. However, continuous improvements are necessary to avoid problems.

ICOs Are Characterized by Fluctuations and Pricing Is Dictated by Many Factors

It also helps to consider ICO volatility as part of the process and the many contributing factors, including investor fears of missing out, and practices like pumping and dumping. As a result, pricing may not be based on fundamentals like company disclosures, audited financial statements, etc.


ICOs raise funds to launch new tokens/coins to the public while investors in the ICO look to profit. Individuals or entities behind ICOs have certain regulatory obligations that must be met depending on if the offer qualifies as a security offering subject to existing federal securities laws.

Banking regulations like KYC/AML also come into play in ICOs, and federal agencies like the SEC are constantly investigating ICOs and the persons/entities behind them. The SEC takes an aggressive stand on ICOs due to the exponential increase in offers and the fact that most offerings are unregistered.

If you launch an ICO that isn’t compliant, you can expect to face regulatory action. Fraud, theft, crime, and other misconduct uncovered in an ICO can prompt federal agencies to launch criminal prosecutions.

If you wish to launch an ICO or participate in one, talk to a seasoned ICO attorney first.