Ripple had designs to offer new digital assets for sale in the public exchange markets. The company received two legal opinions from an outside law firm confirming its ability to sell cryptocurrency without registering the assets with the Securities and Exchange Commission. Inadequate internal controls lead to significant liability the company and its founders.
Upon completion of this Case Study, participants will be able to:
- Explain how failure to properly market products and services may lead to civil liability
- Describe ways in which a company might take additional precautions in protecting itself from accusations of fraudulent conduct
- Understand the core concepts and concerns of the regulators applicable to interactions with the investing public
- Identify why your business should comply with federal laws even if you personally disagree with them
- Explain implications of civil penalties for business resulting from a federal investigation
State of the Industry
The cryptocurrency industry continues to grow rapidly. As this case study shows, cryptocurrency professionals, their lawyers, and investigators at the Securities and Exchange Commission differ in their opinions about the meaning of certain terms. When leaders begin to innovate, they should expect scrutiny from government agencies. Compliance plans may help leaders of innovative industries to protect against litigation.
Background and Analysis
This case study profiles San Francisco-based Ripple Labs, Inc. (Ripple), originally called Opencoin. This company used blockchain technology to create a new cryptocurrency that would compete with Bitcoin. As with Bitcoin, investors could exchange fiat currency (dollars) for cryptocurrency. All the information in this case study comes from four sources: one Securities and Exchange Commission (SEC) press release, one civil lawsuit filed by the SEC against Ripple, one joint letter to the judge in this case, and one newspaper article.
Congress created the SEC in the early 1930s in response to the abuses in the U.S. securities industry that led to the Great Depression. Generally, the SEC protects investors and regulates the U.S. capital markets. As part of its role, the SEC advocates for full disclosure to the public, protects investors from fraudulent and manipulative practices, and supervises and regulates certain mandatory requirements applicable to all participants in the securities industry. With the expanse of the cryptocurrency market, the SEC has weighed in on whether securities laws apply to the cryptocurrency market.
According to investigators at the SEC, and as outlined in their civil complaint against Ripple, the blockchain company created a new digital coin known as Ripple, or by its symbol, XRP. In 2012, Ripple sought legal advice on whether the company would have to register XRP as a security with the SEC.
Ripple’s lawyers apparently told the company that under certain circumstances, the SEC may consider Ripple’s XRP as an “investment contract” and therefore a security under the federal securities laws. The lawyers encouraged Ripple to register with the SEC.
The leaders of Ripple, Bradley Garlinghouse and Christian Larsen, chose not to file with the SEC. Since they did not file with the SEC, investors could not access information that the SEC considered material to investment decisions. Instead, investors only received information that Garlinghouse and Larsen chose to provide. While the leaders said they were long on Ripple’s XRP, they liquidated personal holdings valued at more than $600 million.
Besides selling XRP, the company distributed Ripple for service and labor. The recipients of the cryptocurrency, however, could only access information that the company chose to provide—rather than the type of information filed with the SEC.
The SEC sued Ripple seeking civil penalties of $1.3 billion related to Ripple’s sale of unregistered offerings in XRP over a seven-year period. The $1.3 billion in penalties represents the revenue Ripple received from the sale of XRP during those seven years.
The SEC investigation into XRP stretched to over two years. During that time, Ripple insisted that the SEC should not classify XRP as a security. Ripple premised its position on a 2015 settlement between Ripple and the SEC’s Financial Crimes Enforcement Network and the Justice Department. That case required Ripple to pay a $700,000 fine to settle allegations that Ripple failed to maintain a proper compliance program aimed specifically at avoiding and detecting money laundering through its securities offerings.
We recommend that when companies hire law firms to help them assess risk, the companies should adhere to the guidance of counsel. In this case, a failure to abide by the recommendations of the law firm has exposed many people to loss and risks. Compliance programs begin with risk assessments. They follow through with transparent documentation showing policies and procedures. Those procedures, theoretically, should protect the company.
In this case, according to the SEC complaint, the founders ignored risks. Their actions exposed investors to massive losses, and exposed the company to the potential of a criminal indictment.
These types of failures by business owners can lead to catastrophic results for smaller-sized and mid-sized businesses.
Federal investigations and civil lawsuits cost businesses hundreds of thousands of dollars to defend.