A Crypto-native Disclosure Framework: No More Insider Baseball!
There is a frequent acronym that gets used within the crypto industry a lot, “DYOR”, which is frequently tacked onto the end of an opinion or end of an enthusiastic recommendation of a crypto company. “DYOR”, of course, stands for “Do Your Own Research”. This certainly seems to be possible; after all, crypto celebrates building in public, as is the nature of blockchains– open, auditable, transparent– and the saying of “don’t trust, verify” is commonplace as well. For sophisticated crypto users/ holders/ investors, it’s possible to look up information about a particular token project, and there is more data tools/ dashboards/ analytics that let such users access crucial information about the tokens.
However, even for this group of users, publicly available information only gets you so far on the particulars of the tokens. As more crypto projects (that eventually launch tokens) raise private funding rounds in which the details of the tokenomics/ lockups/ decentralization roadmap are not privy to the public, it’s also important to consider what details are important for projects with imminent token launches to disclose to potential token holders. The problem, however, is where and what details should be disclosed. In other words, in an otherwise transparent web3 world, what are the hidden details that are and should be transparent and easy to understand?
One of the first big projects I worked on within the crypto space back when I was at Messari in 2018 was getting behind designing and onboarding a disclosure registry for crypto projects – a crypto-native version of an EDGAR database (* for those unfamiliar, this is the filing system where all corporate filings are made with the SEC; filings such as S-1s for IPOs or quarterly reports from public companies). The problem, however, is that there are no clear guidelines just when a cryptocurrency is a security. And, equally important, even where a cryptocurrency is a security, regulatory frameworks aren’t always up to the job of compelling rational (or even material) disclosures from token-based crypto/web3 companies.
Five years later, we have good and bad news. The good news is, we finally are at a point where people are starting to ask smart questions about the lack of disclosures around the non-transparent but important parts that affect/govern a token network. The bad news is, the information is either private, hard to find, or sits behind an expensive paywall of a data/analytics firm that mostly serves institutional clients.
Before I dive into the next part, I want to address the elephant in the room: why can’t the law simply mandate crypto companies to disclose in a manner that is similar to public companies in the U.S., thereby subjecting this asset class to securities regulation? As the good folks over at the Blockchain Association notes, “Current US security laws from the 1930s and 1940s do not provide an adequate framework for the role of the state in regulating cryptocurrencies, due to their uniqueness”. Lawyers at top law firms also argue that the regulation (or self-regulation) of crypto should not hinge on whether or not tokens are securities under U.S. Securities law. Rather, as they point out:
“What if [Tokens] aren't [securities] ? If tokens are not securities under Howey, then we require no information about them from their promoters or large holders; we impose no comprehensive regulation on their trading venues, and for the most part, we allow investors to fend for themselves. This is not good for the industry or the public. Not for nothing is today's crypto marketplace sometimes compared to the Wild West.
Set aside the practical difficulty of actually using Howey to produce results about which regulators, courts, and market participants can all agree. If there is no good answer to the question of whether a token is a security, why do we keep asking?
Nearly eight decades after Howey, we are stuck trying to apply it to crypto tokens that might have been designed to send cash inexpensively to a relative, securely store large data files, protect a computer network from fraudulent activity, or in countless applications having nothing to do with ownership or creditor interests in a business.”
And herein lies the question from earlier: where and what details should be disclosed by a company that is planning a token launch and wants to make the tokens available to retail investors?
When Chris emailed me about the whitepaper he was working on, it certainly resonated with me: a bottom-up approach to better crypto disclosures, a way to standardize them, and what form this standard should take place. This certainly is NOT to say that we as an industry are not doing a good job- data is easier to access than ever (Dune, Messari, Token Terminal, Nansen, Defi Llama etc.) ; governance voting is happening robustly (via tools like Boardroom and Snapshot; good examples like ENS, Maker, UNI, etc). But so much of the ‘best practice’ is done on a case-by-case basis, and users generally have to scour through a project’s socials/ blogs to find the relevant information on token economics, governance, and more. So I certainly can support a better standard that is open-sourced (ie not behind a paywall), easy to access/ understand and set up a better, self-determined, and proactive way of doing right by token holders.
This blog was inspired by the whitepaper “Disclosure, Dapps, and Defi” by Chris Brummer, a Professor of Law at Georgetown University Law Center and a widely respected expert on Financial Regulation and U.S. Securities Law. The original article is published here. It’s worth a read as the discussion in the paper goes beyond a framework for token disclosures– it also goes in-depth on regulatory framework considerations and proposes interesting ways of a crypto-native disclosure mechanism. ** Note also that Professor Brummer has been thinking about appropriate crypto-native disclosures for years, and has a 2018 article on the topic as well.
Example of a Token Disclosure Form
Description
Start with a clear, “Plain-English” description of the product/protocol/app
Include an explanation of how and under what circumstances an end user will benefit – in other words, the purpose of the protocol/ app/ token for the user
2. Risks
Identify the types of external risks that would materially impact operations
IP- related risk
Base layer ecosystem related risk
Market, liquidity, or counter party risk
Smart contract risk (how does it get maintained; who has permission)
Regulation risk
Crypto volatility risk
Mitigation of risk
Processes and procedures in place to mitigate risks (ie cybersecurity risk, insurance etc.)
3. Token Disclosures
Token economics
Basic supply/ demand (FDMV, whether more supply could be minted, etc)
Lockups periods (for founders and investors/ insiders)
Token distribution plans/makeup (current and planned)
Utility of tokens
Token Value accrual
ie, if the platform or governance tokens are distributed as a reward for staking, a clear indication should be given as to whether and how they can be used, and where/ how (if at all) they can be traded. Meanwhile, if dividends and other rights attached to a token, these rights should be disclosed to holders.
4 . Governance
Some important questions to answer:
Are there centralized entities that have control powers, and in what situations are they permitted to wield them?
What features of the operation of the app do centralized entities control upgrades, kill switches, or more?
What are the rights of participants, individually and collectively (e.g., in the case of on-chain voting), vis-a-vis centralized control entities?
What security risks (or advantages for resilience) do central control or authority create for dapp users and investors?
As entities begin to decentralize to take on a DAO format:
Over what aspects of the dapp are DAO decisions relevant?
How does the relevant DAO make decisions?
What are the voting rights of DAO governance token holders? How do the voting rights impact the services enjoyed by end users?
Can the voting rights of DAO token holders change, and if so, how?
What aspects of decision making are automated?
What, if any, crisis management features does a DAO enjoy that impact governance and voting?
Is the DAO for profit - and if so, what are revenue streams for the DAO?
The above is a very rough draft proposal of what a more standard token disclosure might look like as we start to think around crypto-native disclosures that are accessible, transparent, and high signal. The answers to these questions are accessible in private funding markets, but should not be limited to private insiders only, especially as tokens increasingly become available to retail investors earlier. I hope to see this as an industry-wide effort - email/ DMs are open as always and open to any feedback!
Ps LINK for my annotated version is here. I gave it a quick read/ markup if you want to read along. :)