Cooling the Blockchain Boom: CSA Staff Narrow the Path for Cryptocurrency Offerings

Authors: Geoffrey L. Rawle and Zain Rizvi

Cryptocurrency users take note – Canadian securities laws may apply, and regulators are paying attention.

On August 24, 2017, the Canadian Securities Administrators released strong guidance on how securities regulators will view and regulate cryptocurrency offerings, also known as initial coin or token offerings (ICOs). The CSA Notice,1 which was published in all jurisdictions of Canada except Saskatchewan, was released less than a month after the U.S. Securities and Exchange Commission released its investigative report2 that confirmed that U.S. securities laws may apply to ICOs. The CSA Notice elaborates on the Ontario Securities Commission’s cautionary statement3 in its news release on ICOs made earlier this year. Read our commentary on the SEC report here.4

The CSA Notice is directed at entrepreneurs and financial technology (fintech) companies raising capital using blockchain technology, facilitating transactions in cryptocurrencies or looking to establish cryptocurrency investment funds. The CSA lays out a framework for understanding the intersection between securities laws and cryptocurrencies, and adopts a strong tone in concluding that “in many cases” cryptocurrency coins and tokens “should properly be considered securities.” While the CSA Notice provides limited guidance on the features of a cryptocurrency coin or token that will result in the cryptocurrency not being characterized as a security, the framework may be more useful in aiding some technologists in understanding the degree and direction of CSA scrutiny that will be applied to these types of offerings. For prospective ICOs, cryptocurrency exchanges and investment funds, entrepreneurs and advisers should expect enhanced scrutiny and compliance pressure in the future.

Do Canadian Securities Laws Apply?

According to the CSA, Canadian securities laws apply to ICOs involving a sale of a “security” if the business is conducted from within Canada or if there are Canadian investors. Interestingly, this statement suggests that ICOs by Canadian businesses that have incorporated in other jurisdictions or excluded Canadian purchasers from participating but operate in Canada could nevertheless be subject to Canadian securities laws.

Canadian securities regulators will assess whether an ICO triggers compliance with securities law requirements on the basis of the ICO’s specific characteristics. In determining whether a cryptocurrency token or coin constitutes a security, the CSA indicated it will take a purposive interpretation with the objective of investor protection in mind. Businesses operating in this space should consider and apply the well-established four-prong test for determining whether an investment contract exists – an investment of money in a common enterprise with an expectation of profit to come significantly from the efforts of others – originated in SEC v. W.J. Howey Co. and adopted in Canada in Pacific Coast Coin Exchange.5

The CSA Notice provides one specific example of an ICO that would not constitute a securities offering and may be permitted without securities compliance – coins or tokens that merely operate a videogame – and a much broader example of an ICO that would require compliance – coins or tokens that are tied to future profits or business successes. However, the CSA framework does not provide a bright-line test for ICOs or other uses of blockchain technology to follow to ensure a specific token or coin will not be subject to Canadian securities laws. Furthermore, the CSA Notice does not offer safe harbours, exempt any conduct or articulate a pan-Canadian approach to permitted innovation. The CSA Notice acknowledges cryptocurrencies’ potential and expresses a strong aversion to stifling innovation, with Staff offering assistance to resolve regulatory challenges collaboratively, including by possibly providing exemptive relief from securities law requirements to fintech businesses using blockchain technology. Implicitly, therefore, the CSA is instructing technologists that cryptocurrencies require a strong advisory team to adequately mitigate regulatory risk.

Applicable Securities Law Obligations

The CSA Notice provides a high-level road map for entrepreneurs and investors to better understand specific securities law obligations. Should an ICO be considered an offering of securities, a prospectus must be filed with regulators unless an exemption from the prospectus requirement is available. Whitepapers describing blockchain projects, while a type of disclosure document, are typically not compliant with securities law and would not satisfy this requirement. However, even if a valid prospectus exemption is available, issuers are still subject to disclosure and other ongoing obligations that may attract civil liability.

Fintech businesses trading or advising in cryptocurrency coins and tokens that are considered securities, or that wish to establish cryptocurrency investment funds, will need to be properly registered with regulators or rely on an exemption from the registration requirement, and may also have know-your-client or suitability obligations. The CSA acknowledges that such obligations could be satisfied through a “robust, automated, online process that incorporates investor protections.”

The CSA Notice further provides that cryptocurrency investment funds must conduct due diligence on cryptocurrency exchanges used to purchase cryptocurrencies for their portfolios. It also provides that custodians holding such portfolios, in addition to meeting prescribed requirements under Canadian securities laws, should have sufficient expertise holding cryptocurrencies. For example, custodians should be familiar with hot and cold storage security measures and other safeguards to keep cryptocurrencies protected from theft. This latter requirement may present a unique challenge for established custodians that are not yet set up to incorporate such measures.

Platforms facilitating trading of cryptocurrency coins or tokens may need to comply with marketplace requirements or obtain an exemption from registration. The CSA Notice confirms that, to date, no cryptocurrency exchange has been recognized in any jurisdiction of Canada or exempted from obtaining a recognition order.

In addition, the CSA Notice indicates that cryptocurrency products may also be considered derivatives and therefore subject to additional requirements, including trade reporting rules.

Take Hold

The CSA Notice itself serves as a warning to the ecosystem of blockchain technology business –buyers, sellers, creators, exchanges and traders – that the days of unqualified, non-exempt ICOs for all cryptocurrency technologies are over. Identifying the ICOs targeted for enforcement action would be speculative, but Staff raise the spectre by referencing “costly regulatory surprises.” The CSA cautions that, of the ICOs reviewed to date, “many” blockchain and cryptocurrency technologies give rise to specialized securities law considerations. Consequently, the CSA clearly expects each ICO to receive careful securities law analysis that reflects an assessment of its unique characteristics.

1 CSA Staff Notice 46-307 Cryptocurrency Offerings (CSA Notice), dated August 24, 2017, was published by staff in all jurisdictions of Canada except Saskatchewan (Staff):

2 See press release containing link to the report:

3 OSC News release, March 8, 2017:

4 SEC Issues Landmark Report on Blockchain Fundraising: Initial Coin Offerings "May Be" Securities Offerings, July 28, 2017:

5 Pacific Coast Coin Exchange v. Ontario Securities Commission, [1978] 2 S.C.R. 112


Deadlines Under Federal Legislation Temporarily Extended Due to COVID-19

Sept. 24, 2020 - Introduction Parliament passed on July 27, 2020, the Time Limits and Other Periods Act (COVID-19) (Time Limits Act), which we summarized in a previous bulletin. Briefly, the Time Limits Act automatically suspends statutory time limits for federal civil proceedings for six months and...

The Times They Are A Changin’ Canadian Privacy Law in the Private Sector

Sept. 18, 2020 - When privacy laws for the private sector were in their infancy in Canada, more than 20 years ago, there was no Internet of Things, Facebook was FaceMash and limited to the Harvard campus, and Google was a toddler. In 2020 there are on average 4 billion Google searches a day, Facebook has more...