Two bills recently introduced in the Senate with cross-aisle support aim to give the CFTC more regulatory sway over digital assets. But neither would solve the fundamental riddle of whether most digital assets are securities subject to SEC oversight.

In the last few weeks, two bills with the potential to bring needed regulatory certainty to the U.S. digital asset industry were introduced in the Senate with solid bipartisan backing.

In June, Senators Cynthia Lummis (R-WY) and Kirsten Gillibrand (D-NY) unveiled the Lummis-Gillibrand Responsible Financial Innovation Act, and in August, Senators Debbie Stabenow (D-MI) and John Boozman (R-AR) announced they would introduce the Digital Commodities Consumer Protection Act of 2022, with support from Senators John Thune (R-SD) and Cory Booker (D-NJ).

Each bill would bring much needed clarity to the regulatory landscape in part by strengthening the role of the Commodity Futures Trading Commission instead of fully empowering the Securities and Exchange Commission to regulate the digital asset industry. However, both bills seem to perpetuate reliance on the decades-old Howey test in order to determine whether a particular digital asset is a security, and thus subject to SEC jurisdiction.

As one can gather from even a quick read of the SEC’s 2019 analytical framework for applying Howey to digital assets, the Howey test simply does not foster reproducible results that market participants can rely on with reasonable confidence. Instead, when analyzing a particular digital asset, the SEC suggests that market participants should consider a non-exclusive list of 50 or 60 “characteristics,” none of which is “necessarily determinative,” on the understanding that when their “presence” is “stronger” it is “more likely” that the digital asset is an “investment contract” and thus a security. This is not a recipe for predictability.

Because neither bill tackles head-on the thorny question of how to distinguish digital assets that are securities from those that are not, neither bill, if enacted in its current form, would settle the brewing turf war between the two powerful agencies. Instead, for many if not most digital assets, the question of whether the SEC can and will assert authority would too often remain a guessing game.

Is it a security?

A fundamental question that looms over many digital asset activities is whether or not the particular digital asset in question is a security under U.S. federal securities law. If a digital asset is a security, then it cannot be bought and sold on popular crypto trading platforms, which aren’t subject to SEC oversight as securities exchanges or operated by SEC-registered broker-dealers as alternative trading systems.

But more importantly, the digital asset probably cannot be used for its intended non-investment purpose – at least where its use requires that it freely move on a peer-to-peer basis over a decentralized network of computer servers. So-called “secondary market” securities trading just doesn’t happen this way.

Instead, our securities markets operate within an infrastructure of actors with defined roles and responsibilities who are comprehensively supervised by multiple federal, state and industry regulatory authorities. In addition to securities exchanges, brokers and dealers, these actors include intermediaries such as clearing organizations and transfer agents, and specialized service providers such as underwriters, investment advisers and custodians.

Our present-day securities market infrastructure is the product of generations of trial-and-error by market participants and regulators to facilitate the critical economic engine of capital formation while safeguarding the interests of those who provide the capital – also known as investors. Since the 1930s, the SEC has been the indispensable leader of the regulatory effort, at home and abroad, and the world’s financial markets are without a doubt fairer and more economically efficient today because of the SEC’s expertise, zeal and effectiveness over the last nine decades and counting.

Starting in the early 2010s, the SEC began to take note of the small but growing digital asset market, which though dominated by activity involving Bitcoin began to feature capital raising through “ICOs” or “initial coin offerings.” In 2017 the SEC released an investigative report in which it explained how some ICOs could amount to illegal unregistered securities offerings. Since that time, the SEC staff and some commissioners have acknowledged that Bitcoin itself is not a security, and in 2018 a senior SEC official suggested that “current offers and sales of Ether are not securities transactions.”

But other than Bitcoin and Ether, the SEC has never identified a digital asset that it believes is not a security, and current SEC Chair Gary Gensler, like former Chair Jay Clayton before him, have suggested that most digital assets are, actually, securities. In a recent interview, Chair Gensler carefully avoided endorsing the proposition that any digital asset other than Bitcoin is exempt from regulation as a security.

The SEC has yet to undertake the kind of comprehensive overhaul of its rulebook that key crypto market participants have urged would be necessary to accommodate SEC regulation of most digital assets as securities, and as a result the basic question – is it a security? – remains as salient as ever. The existing lack of certainty surrounding this question has, we believe, stymied institutional investment, innovation and development in the industry and contributed to the extreme price volatility that has of late characterized the sector.

How the bills address this basic question

The Lummis-Gillibrand and Stabenow-Boozman bills follow different paths to defining which digital assets are excluded from SEC regulation as securities, but both paths ultimately founder in the dense and nigh-impenetrable thicket known as the Howey test.


The Lummis-Gillibrand bill introduces the defined term “digital asset,” which includes, among other things, an “ancillary asset.” An ancillary asset is, in turn, an intangible that is sold through an arrangement involving an “investment contract.”

Lummis-Gillibrand makes clear that the ancillary asset – in other words, the crypto token – is not a “security” under the federal securities laws even if it is sold as part of an arrangement involving an investment contract. Therefore dealings in the token itself, such as secondary market trading, are not regulated as securities transactions.

To understand why Lummis-Gillibrand takes this approach, a bit of background on Howey is in order. The 1946 Supreme Court decision in SEC v. W.J. Howey Co. centered on a WWII-era Florida real estate and agricultural entrepreneur, William J. Howey, who sold contractual rights in citrus groves to investors around the country. The investors put up cash, Mr. Howey’s employees planted and raised the crop and then sold it, and Mr. Howey divvied up any remaining profits with the investors. The SEC successfully sued Mr. Howey for having conducted an unregistered securities offering. But instead of likening his enterprise to an unregistered common stock offering, to which it bore marked similarities, the Supreme Court said it was an “investment contract,” which is one of a laundry-list of items included in the statutory definition of “security.”

Of course, the Supreme Court did not say in the Howey case that oranges, grapefruit and lemons are securities. But in applying Howey to transactions in digital assets, and indeed in suggesting that Ether sales may once have amounted to investment contracts but no longer do, the SEC has helped foment a significant amount of confusion over whether a digital asset sold in what may be characterized as a capital-raising transaction is itself a security, or like the citrus fruit in Howey is only “ancillary” to the bargain.

Lummis-Gillibrand wades into this confusion and tries to clear it up. The problem with the Lummis-Gillibrand definition of “ancillary asset” is that it contains a Trojan horse. Excluded from the definition of “ancillary asset” is any asset that gives its holder a “profit or revenue share” in an entity “solely from the entrepreneurial or managerial efforts of others.” This peculiar phrase is, according to the SEC’s framework, the defining characteristic of an investment contract under Howey.

“Profits,” according to the SEC’s interpretation of Howey, can come in many forms, including capital appreciation. And the SEC is likely to detect “efforts of others” whenever there is arguably an identifiable individual, entity or group – even if not the original promoters – whose future activities a hypothetical investor might look to when speculating on the value of the asset.

So a crypto token that might appreciate in value from those efforts is not an ancillary asset under Lummis- Gillibrand – but a security. This would leave the SEC free to make the same argument that it does today – that most digital assets are securities, because holders may expect capital appreciation from someone else’s efforts. We see no reason why the SEC would change its approach if Lummis-Gillibrand becomes law in its current form.


The Stabenow-Boozman bill introduces the defined term “digital commodity,” and states that it “includes property commonly known as cryptocurrency or virtual currency, such as Bitcoin and Ether,” but then expressly excludes any “security” from the definition. The bill makes no change to the definition of “security,” implicitly leaving the Howey test in place.

Relying on this definition, we believe the SEC would almost certainly take the position that nearly all digital assets, other than Bitcoin and Ether, are not “digital commodities” under CFTC jurisdiction, but are securities subject to SEC jurisdiction. In other words, Stabenow-Boozman would not change the status quo, a state of affairs where no one can confidently predict whether many digital assets will ultimately be categorized as securities or commodities.

How both bills could be improved

We think both bills could be improved by expressly jettisoning Howey when it comes to categorizing digital assets.

With Congress in charge and affirmatively writing laws for digital assets, there is simply no reason to rely on a 76-year-old judge-made divining rod that, in its many incarnations, relies on analogies to citrus fruit, cooperative apartments and whiskey warehouse receipts to determine whether lines of software code are securities.

Instead, Congress can, fairly easily, define what a crypto token is (there’s not much debate about that), and then decide when it gets regulated by the SEC and when by the CFTC.

The SEC has historically regulated assets like stocks and bonds that represent a promise to pay or a claim on the earnings or assets of a business enterprise – like the contracts in Howey. The SEC does this very well, which is a large part of the reason why the U.S. capital markets are the deepest and most liquid in the world.

The CFTC, on the other hand, has historically regulated derivatives markets in commodities – assets that may be quite attractive from an investment perspective but that, in and of themselves, don’t embody a promise to pay or a claim on any business entity’s earnings or assets. And therefore, unlike securities, don’t require audited financial statements to understand.

Recognizing this basic distinction between SEC and CFTC authority and then reflecting it in statutory text would, we believe, go a long way towards clarifying the stultifying regulatory standoff that we find ourselves in today.

This communication, which we believe may be of interest to our clients and friends of the firm, is for general information only. It is not a full analysis of the matters presented and should not be relied upon as legal advice. This may be considered attorney advertising in some jurisdictions. Please refer to the firm's privacy notice for further details.