Faculty of law blogs / UNIVERSITY OF OXFORD

Corporate Governance Challenges in Initial Coin Offerings


Aurelio Gurrea Martínez
Associate Professor of Law, Singapore Management University
Nydia Remolina
Adjunct Professor of Financial Regulation and Fintech Law at Singapore Management University and Research Associate at the SMU Centre for AI and Data Governance


Time to read

4 Minutes

In the past years, Initial Coin Offerings (ICOs) have become an important fundraising method for many individuals and firms. While most regulators, academics and policymakers around the world have focused their attention on whether and, if so, when ICOs are subject to securities laws, they have overlooked many other legal issues existing in ICOs. In a recent article, entitled ‘Corporate Governance Challenges in Initial Coin Offerings’, we seek to partially fill this gap by analyzing the legal challenges of ICOs from the perspective of consumer and investor protection. Namely, our article explores the exacerbated agency problems existing between the issuers and buyers of tokens, and why traditional corporate governance mechanisms fail to protect tokenholders. Based on these problems, we suggest various regulatory responses to address the corporate governance challenges existing in ICOs.

We argue that the buyers of tokens (tokenholders) are subject to exacerbated agency problems as a result of several factors. First, due to the complexity of the products and technology financed through an ICO, tokenholders are usually subject to large asymmetries of information. 

Second, the buyers of security tokens (security tokenholders) are protected through securities laws. Moreover, if the token represents a share in a company (that is, it is a ‘tokenized share’), they can even be protected by corporate law, since they will formally be considered ‘shareholders’. Therefore, they will enjoy all the rights potentially available to the shareholders (eg, voting rights, inspection rights, derivative actions, oppression remedies, etc). Unfortunately, these protections do not exist for the buyers of non-security tokens (non-security tokenholders). Therefore, when an ICO just involves the issuance of non-security tokens, there will be fewer legal mechanisms to protect tokenholders. If so, only consumer laws may provide some form of protection. Still, since the issuer of tokens cannot be easily found and sued, consumer laws will also fail to properly protect tokenholders.

Third, due to the non-existence of a market for corporate control that can lead to the removal of inefficient or dishonest managers,  as may happen through a successful hostile takeover in the context of listed companies, promoters of ICOs may not have incentives to maximize the interest of tokenholders.

Fourth, although tokenholders enjoy some contractual rights established in the document issued by the promoter when the ICO is launched (White Paper), these rights may not be easily enforced.  In practice, since a White Paper may just consist of a PDF document uploaded to a website that can quickly disappear, and the people behind the ICO may not even be known, tokenholders will not have the ability to sue the issuer for a breach of the conditions established in the White Paper.

As a result of these problems, regulators and policymakers could think about adopting various responses traditionally existing in corporate governance (eg, fiduciary duties, disclosure, empowerment of investors, etc). After analyzing some of them, our paper explains why they all fail in the context of ICOs. For this reason, we suggest a new regulatory framework for ICOs based on four primary pillars.

First, we argue that regulators should create a registry of ICOs. Then, any issuance of tokens, regardless of the legal nature of the token (ie, security token or non-security token), should be disclosed to the regulator. This can be conducted through a simple, harmonized electronic form providing some basic information about the promoter, the tokens, the terms of the White Paper, the rights of tokenholders, the risks of the ICO, and the advisors involved in the ICO. This idea was initially suggested in our previous research on ICOs and, with some variations, has been adopted by some jurisdictions (eg, France) and proposed by others (eg the European Union). In our view, a registry of ICOs can create several advantages. From the perspective of regulators, it is not very costly and it could provide them with more information about the ICO market, facilitating supervision, investigation and awareness. From the perspective of tokenholders, the need to provide regulators with information about the ICOs and themselves will reduce the number of scams and opportunistic behavior from issuers. Finally, from the perspective of entrepreneurs, submitting a simple electronic form with some basic information would not imply significant compliance costs. Moreover, enhancing transparency and protection to tokenholders can incentivize more consumers and investors to buy tokens. Therefore, this proposal should also be attractive to entrepreneurs.

Second, regulators should adopt additional tools to protect non-security tokenholders. For that purpose, they may consider the possibility of implementing some mechanisms existing in many consumer protection laws. For example, if the tokenholder incurs any losses due to the promoter’s negligence, or as the result of any misleading information, the promoter should bear the onus of proving that it was not at fault. Thus, by putting the burden of proof on the promoter, it would be easier for the tokenholders to sue, leading to better behavior ex ante by the promoter. Another measure to protect tokenholders may consist of imposing ‘cooling off’ periods that would allow tokenholders to return tokens within a given period without incurring any costs.  The return of the token can even be implemented automatically through a smart contract. Thus, unless tokenholders ‘ratify’ their purchase decision within a few days, the token would be automatically returned to the promoter. In our opinion, even though tokenholders can still be subject to the opportunism of promoters, this measure can correct some of the asymmetries of information and irrational behavior potentially existing at the moment of purchasing the token.

Third, regulators should invest more resources in education and awareness about the risks associated with ICOs. And if a particular regulator does not have the sophistication or resources to properly perform this function (as it may happen in certain countries, particularly emerging economies), they can even consider the possibility of prohibiting the purchase of tokens, at least to retail consumers and investors.

Fourth, due to the global and decentralized nature of an ICO, the law applicable to an issuance of tokens is not always clear. In our view, there should be a minimum level of international harmonization when it comes to the applicable law governing the ICO.  For that purpose, perhaps the International Organization of Securities Commissions (IOSCO) could encourage regulators to adopt a unified approach to establish the applicable law, perhaps based on the place of residence or incorporation of the promoter. Alternatively, if countries adopt our proposed registry of ICOs, the promoter can even be allowed to choose the applicable law governing its ICO and provide this information in the electronic form submitted to the regulator. Regardless of the solution adopted, we think a harmonized approach to determine the law applicable to an issuance of tokens is needed for such a global phenomenon. Apart from being beneficial to promoters and regulators, it could create more certainty and protection to tokenholders.

In our view, by enhancing the level of protection for tokenholders and creating more certainty for entrepreneurs, the regulatory framework suggested in this article seeks to improve the attractiveness of ICOs as a fundraising method for individuals and firms while reducing the risk of opportunism of promoters vis-à-vis tokenholders.

Aurelio Gurrea-Martínez is an Assistant Professor of Law at Singapore Management University

Nydia Remolina is an Adjunct Professor of Financial Regulation and Fintech Law at Singapore Management University and Research Associate at the SMU Centre for AI and Data Governance


With the support of