BizLegal-AIStart Free
jurisdiction

SEC Howey Test Guide: Is Your Token a Security? (US)

BizLegal-AI Intelligence Deskus

SEC Howey Test Guide: Is Your Token a Security? (US)

What Is the Howey Test in the United States (SEC/CFTC)?

The Howey Test is the foundational legal framework the U.S. Securities and Exchange Commission (SEC) uses to determine whether a financial instrument — including a crypto token or digital asset — qualifies as an "investment contract" and therefore a security under federal law. The test originates from the landmark 1946 Supreme Court decision SEC v. W.J. Howey Co., and it remains the primary analytical tool used by the SEC, federal courts, and legal counsel when evaluating whether a token offering triggers securities registration requirements under the Securities Act of 1933 and the Securities Exchange Act of 1934.

For founders launching token projects, understanding the Howey Test is not optional — it is a threshold compliance obligation. If your token meets the definition of a security and you have not registered with the SEC or secured a valid exemption (such as Regulation D, Regulation A+, or Regulation S), you are exposed to enforcement action, disgorgement of proceeds, civil penalties, and in egregious cases, criminal liability. The SEC has brought dozens of enforcement actions against token issuers, including against projects like Ripple (XRP), LBRY, and Telegram's TON network, making this one of the most litigated areas of U.S. securities law today.

Legal Requirements and Regulatory Framework

The primary statutory authority governing the Howey Test analysis is Section 2(a)(1) of the Securities Act of 1933, which defines a "security" to include "investment contracts." The SEC has broad jurisdiction to enforce this definition, and the agency has made clear through guidance documents — including the 2019 Framework for "Investment Contract" Analysis of Digital Assets published by the SEC's Strategic Hub for Innovation and Financial Technology (FinHub) — that most utility token claims do not override a Howey analysis.

The Commodity Futures Trading Commission (CFTC) also plays a role in this regulatory landscape. Cryptocurrencies like Bitcoin (BTC) and Ether (ETH) have been characterized by the CFTC as commodities, placing them outside SEC jurisdiction for spot trading. However, when a token meets the Howey Test criteria, SEC jurisdiction attaches regardless of how the issuer labels the asset. The interplay between the SEC and CFTC remains an active area of regulatory development, particularly under evolving legislative proposals such as the Financial Innovation and Technology for the 21st Century Act (FIT21).

Key Clauses and Requirements: The Four Prongs of the Howey Test

A financial instrument — including a crypto token — is considered an investment contract (and thus a security) if it satisfies all four prongs of the Howey Test simultaneously. Legal counsel and founders must analyze each prong carefully in the context of the specific token structure, sale mechanics, and surrounding circumstances.

  • Prong 1 — Investment of Money: There must be an investment of money or other tangible consideration. In practice, this prong is almost always satisfied in token sales, as purchasers exchange fiat currency, ETH, BTC, or other assets for tokens.
  • Prong 2 — Common Enterprise: The investment must be in a common enterprise. Courts apply either a horizontal commonality standard (pooling of investor funds) or vertical commonality (investor fortunes tied to those of the promoter). Most token sales readily satisfy this prong given pooled treasury structures and shared platform development.
  • Prong 3 — Expectation of Profits: Investors must reasonably expect to earn profits from their investment. The SEC's FinHub framework examines whether purchasers are motivated by speculative or investment intent, whether the token is marketed with promises of price appreciation, and whether secondary market trading is anticipated. This is often the most contested prong in token litigation.
  • Prong 4 — Efforts of Others: The expected profits must derive primarily from the managerial or entrepreneurial efforts of a third party — typically the founding team or a central organization. If token holders are passive and rely on a core development team to build out the ecosystem and drive value, this prong is satisfied. Genuine decentralization can potentially negate this prong, but the SEC scrutinizes decentralization claims rigorously.

Step-by-Step Process: Applying the Howey Test to Your Token

Founders and their legal counsel should work through the following structured process before launching any token offering in the United States or to U.S. persons.

  • Step 1 — Engage Qualified Securities Counsel: Retain a U.S. securities attorney with demonstrated experience in digital assets before designing your token economics or initiating any sale. The Howey analysis is highly fact-specific and requires legal judgment, not just a checklist.
  • Step 2 — Document Your Token's Functional Utility: Clearly define and document the token's consumptive use within your protocol at the time of sale. Utility at launch is a meaningful (though not determinative) factor in the Howey analysis.
  • Step 3 — Analyze Marketing Materials Against Each Prong: Review all pitch decks, website copy, social media content, and whitepaper language through the lens of each Howey prong. Statements referencing ROI, price appreciation, exchange listings, or team-driven value creation will weigh heavily toward security classification.
  • Step 4 — Assess Decentralization and Governance: If your protocol is genuinely decentralized at launch with no controlling party, document that structure thoroughly. Reference the SEC's FinHub framework for guidance on what constitutes sufficient decentralization.
  • Step 5 — Determine Exemption Strategy if Security Classification Is Likely: If the Howey analysis indicates your token is likely a security, work with counsel to structure the offering under an applicable exemption — Regulation D (Rule 506(b) or 506(c)) for private placements, Regulation A+ for smaller public offerings up to $75 million, or Regulation S for offshore sales to non-U.S. persons.
  • Step 6 — Implement Investor Qualification and KYC/AML Procedures: For any exempt offering, ensure robust know-your-customer (KYC) and anti-money laundering (AML) procedures are in place, along with accredited investor verification where required.
  • Step 7 — File Required Forms with the SEC: Submit Form D filings within 15 days of the first sale for Regulation D offerings. Maintain records of all investor communications and subscription agreements.

Common Mistakes to Avoid

Many token issuers make avoidable errors that significantly increase their SEC enforcement risk. Understanding these pitfalls is as important as understanding the Howey Test itself.

  • Labeling a token "utility" without substantive utility at launch: The SEC consistently rejects the argument that a "utility token" label overrides a Howey analysis. If consumptive use is not immediately available and meaningful at the time of sale, the utility argument carries little weight.
  • Marketing to U.S. persons without a compliance structure: Attempting to exclude U.S. investors via website geoblocking while actively marketing on U.S.-facing social media channels is insufficient and has been cited in SEC enforcement actions as evidence of willful non-compliance.
  • Relying on SAFT agreements without proper legal review: Simple Agreements for Future Tokens (SAFTs) were designed to defer token delivery until a network launches, but the SEC has made clear that SAFTs do not automatically resolve the securities question for the underlying token.
  • Assuming CFTC commodity status forecloses SEC jurisdiction: A token may simultaneously be treated as a commodity by the CFTC for derivatives purposes and as a security by the SEC for issuance purposes. These are not mutually exclusive classifications.
  • Failing to update the Howey analysis as the project evolves: A token that launches as a security may potentially transition to a non-security as genuine decentralization occurs, but founders must document that transition and ideally seek a no-action letter or informal guidance from the SEC.

Frequently Asked Questions

Is my token a security if I call it a utility token?

No. The label you apply to your token is irrelevant to the SEC's analysis. The SEC looks at the economic substance of the transaction, not its form or label. If your token satisfies all four prongs of the Howey Test based on how it is sold, marketed, and how investors reasonably perceive it, it is a security regardless of what you call it. Multiple enforcement actions — including against projects that explicitly marketed tokens as utility tokens — confirm this position.

Does the SEC Howey Test apply to tokens sold outside the United States?

The Howey Test and U.S. securities laws apply to all offers and sales made to U.S. persons, regardless of where the issuer is incorporated or where the sale physically occurs. If U.S. persons can purchase your token, U.S. securities law is triggered. Regulation S provides an exemption for offerings conducted entirely outside the U.S. to non-U.S. persons, but strict conditions apply, including resale restrictions and no directed selling efforts in the United States.

What is an SEC security token and how does it differ from a regular token?

An SEC security token is a digital asset that has been determined — either through legal analysis, SEC guidance, or enforcement — to constitute a security under U.S. federal law. Security tokens are subject to the full registration and disclosure requirements of the Securities Act of 1933 and the Exchange Act of 1934, unless an exemption applies. They differ from non-security tokens (such as Bitcoin or Ether in their current forms) in that their issuance, sale, and secondary trading on exchanges triggers broker-dealer, exchange registration, and investor protection obligations under SEC rules.

Can a token start as a security and later become a non-security?

Yes, this is theoretically possible and the SEC has acknowledged this concept. Former SEC Director William Hinman's 2018 speech articulated the view that sufficiently decentralized networks — where no central party's efforts are the primary driver of value — may not involve securities transactions even if the original token sale was a securities offering. However, issuers should not rely on this theory without specific legal guidance, as the SEC has not issued formal rules codifying this transition and the standard for "sufficient decentralization" remains undefined in binding regulation.

What are the consequences of failing the Howey Test without SEC registration?

Failing to register a security offering with the SEC — or failing to qualify for a valid exemption — exposes issuers to enforcement action by the SEC's Division of Enforcement, which can include cease-and-desist orders, disgorgement of all proceeds raised, prejudgment interest, civil monetary penalties, and injunctive relief. In cases involving fraud or willful violations, the Department of Justice may pursue criminal charges. Investors also retain a private right of rescission under Section 12(a)(1) of the Securities Act, meaning they can demand their money back, creating significant financial liability for issuers.

Howey testSEC security tokenis my token a securityunited-states
Turn this guide into a plan

Get your jurisdiction-specific compliance risk score

BizLegal-AI maps your structure against this exact regulation and tells you what's missing — before a regulator does. Free preview, no card required.

Run my free risk check →

Used by founders & counsel across 50+ jurisdictions · Not legal advice

Related

Regulatory changes, before they cost you

One email when a rule that affects crypto, fintech, or cross-border deals actually changes. No noise. Unsubscribe anytime.

Disclaimer: BizLegal-AI produces regulatory intelligence and working drafts. It is not legal, financial, or tax advice. Consult qualified counsel for specific situations.