Summary
The SEC has incorrectly categorized most crypto tokens as investment contract securities.
A crypto token should only be considered a security if its programming includes the ability to make payments, similar to the terms of payment specified in the contract of a traditional security.
Digital securities should be sorted into four classes based on the different risks they pose to investors.
Regulations for digital securities should be tailored to the specific risks of each of the four classes of digital securities.
How Should Crypto Tokens Be Regulated?
Perhaps the most vital legal question holding back the burgeoning cryptocurrency industry is how to determine which crypto tokens (digital assets traded on decentralized public blockchains) should be classified as securities. Securities and Exchange Commission (SEC) officials, guided by their new Chair Paul Atkins and Crypto Task Force head Commissioner Hester Peirce, are engaging with major players and key constituencies from across the cryptocurrency industry, ranging from long-time Bitcoiners to corporate executives, to academic experts,[1] in an effort to build appropriate definitions, standards, and guidelines for digital securities.[2]
Congress, too, is seeking to address this important issue. The recent Creating Legal Accountability for Rogue Innovators and Technology (CLARITY) Act of 2023 is under consideration in the House of Representatives.[3] A bill is expected soon in the Senate based on the Principles for Market Structure Legislation recently released by Senators Tim Scott, Cynthia Lummis, Thom Tillis, and Bill Hagerty.[4]
These proposals will direct the US financial regulatory agencies in establishing a regulatory regime for digital assets and determining which crypto tokens should be treated as securities under the law. It is vital that Congress lay out a proper foundation for this regime, as details and implementation are likely to play out over years or decades.
To help frame that foundation, this brief proposes a simple way to differentiate which crypto tokens should be treated as securities. Although the legal definition of securities is murky and confusing, a clear and simple standard is commonly used in economics and finance: a security is a tradable financial contract that promises future payments to the owner.[5]
This definition can be applied to crypto tokens. In the same way that the terms of payment for a traditional security are specified in a legal contract, the details of payment can be programmed into certain types of crypto tokens that have the ability to execute code, known as “smart contracts.” Anyone, be they a government regulator or average investor, can easily check if the code of a crypto token allows it to make payments and under what conditions any payments will occur. Only tokens programmed to make payments should be classified as digital securities.
In addition, digital securities should be sorted into classes based on the different risks they pose to investors, so that regulations can be tailored to specific risks. The most basic digital securities, for example, can only pay out funds already held in their smart contract. They pose little risk to investors since the funds available and conditions of payment can be easily verified. Tokens with the ability to execute embedded code are known as “smart contracts.” If a token has the ability to make payments, then it should be classified as a digital security. In some ways, a digital smart contract provides even more certainty than a traditional legal contract: once a token is launched, its code can never be changed.
Some digital securities are more complex and carry higher levels of risk. These include tokens programmed to make payments to the owners but whose interest rates or fees may still be changed by the issuers, in the same way that a bank might adjust the interest rate it pays to depositors or the manager of a corporation decides when its stock will pay dividends. While riskier than the simplest digital assets, these tokens maintain the advantages of transparency and reliability that stem from being fully on-chain.
Tokenized real-world assets — digital representations of ownership over tangible assets like commodities or real estate — are potentially the riskiest form of digital securities since their conditions and funding cannot be verified on the blockchain. These tokens represent ownership of some real-world, “off-chain” asset, and should therefore be subject to all the rules and regulations that apply to its non-digital equivalent. If, for example, a corporation like Apple or Tesla wanted to issue equity stock shares as digital securities, the tokenized securities would be required to comply with traditional securities laws, even if their equity tokens were traded only on decentralized blockchains rather than on traditional exchanges.
Different regulatory regimes apply to different classes of traditional financial instruments (like stocks, bonds, and mortgage-backed securities) according to their types and levels of risk. The same classification can be done for digital assets. Although the SEC is currently working to establish a clear and practical regime for the classification and regulation of digital securities, Congress still has an important role to play. Legislative clarity is needed to direct the SEC’s actions and to strengthen this new regulatory framework against future revision or misuse.
What are Investment Contracts?
Much confusion around the classification of digital assets stems from the strategy of Gary Gensler, who served as SEC Chair from 2021 to 2025. Rather than creating clear regulations through the standard rule-making process, Gensler’s regime regulated using enforcement actions and wrongly classified most crypto tokens as a rare type of security known as an investment contract.[6] Those actions have left the SEC, Congress, and the crypto industry in disarray, lacking a clear definition for digital securities.
No clear legal definition exists to classify what constitutes a “security.” The statute 15 US Code § 77b is intended to legally define a “security,” but it does not provide a general definition or set of characteristics for the classification.[7] Rather, it simply lists the assets to be classified as securities, including commonly known assets such as stocks and bonds, and rarer items like investment contracts.
Investment contracts similarly lack a statutory definition. Their defining criteria are taken from the “Howey Test,” outlined in the Supreme Court ruling on SEC v. W.J. Howey Co. (1946). To qualify as an investment contract, an asset must be:
1. An investment of money…
2. in a common enterprise…
3. with expectations of a profit…
4. to be derived from the efforts of others.
Although there are some unusual cases, the simple way to think about an investment contract is as a security in which the benefits to the investor are based on an informal promise rather than an explicit legal contract. The seller of an asset might promise that the asset will increase in value, generating an “expectation of profits” for the investor. Because they are typically based on implicit rather than explicit agreements, investment contracts generally belong to an overlapping subset of the classes of securities and commodities, as shown in Figure 1.
Figure 1. Venn diagram of securities, commodities, and investment contracts
The SEC exploited the vagueness of the Howey Test to wrongly classify many crypto tokens as investment contracts.[8] While there were likely some token issuers who promised profits to investors, the vast majority of tokens were issued without such promises. Because investment contracts comprise only a small subset of securities, the Howey Test is not a useful guide to determining which crypto tokens are or are not securities.
Which Tokens are Securities?
How can regulators and token issuers judge which crypto tokens should be classified as securities? Congress and US financial regulators could adopt the standard definition used in economics and finance: a security is a tradable financial contract that promises some future payment to the owner.
The key element differentiating securities from other financial instruments is the promise of future payments. A bond, for example, promises a specific payment each period (often semi-annually), while a stock makes payments only if the company is profitable and at the discretion of corporate managers. Securities rules exist to make sure people get paid what they were promised and have enough information to understand what could go wrong, or why the investment might lose value.
The terms of payment for digital securities are actually more transparent than those for traditional ones. Digital securities have the terms of payment programmed into the token itself.
Once a token is deployed to the blockchain, its code can never be changed. The open, transparent nature of decentralized blockchains allows anyone to verify the funds available in a smart contract as well as the conditions under which payments will be made to token holders. Just knowing the contract address on the blockchain, regulators or investors can look up the contract on a blockchain-specific website like Etherscan for the Ethereum network or even in search engines like Google to get information about what token balances are held in the contract and all transactions that have ever been made with it. Issuers might be required to make basic disclosures, which would be much simpler than the financial statements of giant corporations. Given these advantages, such digital assets pose limited risk to investors and therefore require minimal regulation.
Classes of Digital Securities
Regulations on traditional securities vary by class based on the type of risk an asset poses to investors. The same logic should apply to classes of digital securities. This section considers four general classes of digital securities as well as non-security digital assets.
Tokenized Real-World Assets
Tokenized real-world assets, as previously mentioned, are digital assets that represent some off-chain asset. If the off-chain asset is a regulated security, like the example above of stock issued by Apple or Tesla, then the token should be similarly regulated by the SEC. Since their terms and conditions are stated in traditional legal contracts, such assets must be subject to the same laws and regulations as other traditional securities, although there may be additional rules regarding digital payments and transferability.
Decentralized On-Chain Digital Securities
Fully on-chain securities, those deployed on a decentralized public blockchain, can be separated into two types: centralized and decentralized. Tokens, which can be described as “decentralized on-chain digital securities,” have the ability to make payments and (once deployed to the blockchain) are fully decentralized and can never be changed. A decentralized exchange (DEX) trading pool, for example, allows any party to swap one token for another. The smart contract charges a fee for each trade, the proceeds of which are paid out to DEX token holders. In this case, the token holders receive a variable payment based on the size and number of trades, but the terms of payment are inalterably programmed into the contract, making it a fully decentralized digital security. This class of security requires minimal regulation (if any) by the SEC; perhaps only a disclosure by the issuer or a third-party code verification would be appropriate. Such disclosures could be simple, unlike the complex quarterly reports required for publicly traded companies, which often run hundreds of pages.
Centralized On-Chain Digital Securities
Some tokens, however, can make payments but should not be classified as fully decentralized. Sometimes, a token is programmed to make payments, but some variable, like the timing or amount of the payment, can still be controlled by an outside party. These later-adjustable tokens can be considered a “centralized on-chain digital security,” and would require much less regulation than traditional securities. They retain the safe and transparent features of the blockchain, but they may require certain disclosures so that investors can be made fully aware of the sources of funds, conditions of payment, and any potential risks.
Digital Investment Contracts
A small portion of crypto tokens may be accompanied by claims or promises that the asset will appreciate in value, which would make it part of an investment contract. Investment contracts are not fully on-chain securities, though, since the promise of returns is implicit, not programmed into the smart contract. The SEC should continue to monitor and regulate these riskier, relatively rare activities that might constitute an investment contract.
Non-Security Digital Assets
Finally, crypto tokens that cannot make payments should not be classified as securities and should not be subject to SEC regulation. More likely, they are commodities, and therefore should be regulated by the Commodities and Futures Trading Commission (CFTC). Bitcoin, for example, has been identified as a commodity by former SEC Chair Gensler and former CFTC Chair Rostin Behnam.[9] Other, simpler tokens that do not make payments are similarly commodities, especially the base-layer tokens that are used for transactions on other decentralized blockchains.
Decision Tree for Classes of Digital Securities
Figure 2 shows a decision tree using the basic characteristics discussed above. Traditional securities and investment contracts are subject to traditional financial (“TradFi”) regulation. Fully on-chain securities can be sorted into decentralized and centralized types, depending on whether an outside entity maintains control over important aspects of the payment contract. Digital assets that do not promise to make payments are not securities but commodities and may be regulated by the CFTC.
Figure 2. Framework for identifying classes of digital assets
A few unusual assets will, of course, not fit neatly into a particular class.[10] Tokens in multiple classes may require concurrent regulation, but this framework provides a useful guide to differentiating the primary classes of digital assets.
DEX Regulation
A related question is whether the SEC or some other agency should regulate decentralized exchanges. In the current system, centralized crypto exchanges like Coinbase and Kraken act as entry points or “on-ramps” for US citizens to enter the crypto space by trading their US dollars for cryptocurrency. These on-ramps conduct Know Your Customer and Anti-Money Laundering (KYC/AML) verification and other regulatory activities, just as banks do. Some have proposed that decentralized exchanges should be subject to a similar regulatory regime.[11]
This argument, however, misunderstands the nature of DEXs, which are, by definition, decentralized. A DEX creator issues smart contracts, each of which allows users to swap one token for another. The DEX is simply a collection of these smart contracts. If the integrity of the smart contract has been verified, then so has the DEX. Thus, DEXs may be regulated at the smart-contract level without the need for additional regulations, which have raised bank compliance costs[12] and lowered wages for low-skilled workers[13] without reducing the frequency of financial crises.[14]
How to Regulate Crypto Tokens
Rather than treating crypto tokens as investment contracts based on the Howey Test, the SEC should determine whether a token is a security based on its ability to make payments. Only tokens with the ability to make payments should be classified as digital securities. On-chain securities may be classified as centralized or decentralized, depending on whether they have aspects that can be changed after issuance. Fully on-chain securities require minimal regulation compared to tokenized real-world assets and investment contracts. On-chain digital securities exhibit the transparency and reliability of decentralized blockchains, which can be used to verify the terms and conditions of payment and, in some cases, the funds available to be paid out to token holders.
While the SEC is building a regulatory regime for digital securities within the current legal framework, Congress should act to guide the SEC’s actions and ensure that the regulations and policies created by the SEC are clear, appropriate for the class of a digital asset being regulated, and resilient to changing administrative interpretation in a way that erodes the rule of law.
Thomas L. Hogan is Associate Professor of Economics at the University of Austin as well as Associate Senior Research Fellow at the American Institute for Economic Research (AIER) and Senior Fellow at the Bitcoin Policy Institute (BPI).
Endnotes
[1] Descriptions and of the Crypto Task Force Roundtables and lists of the panelists can be found here: https://www.sec.gov/newsroom/press-releases/2025-57
[2] For more information, visit the SEC’s Crypto Task Force website: https://www.sec.gov/about/crypto-task-force
[3] The full text of the bill can be found online: https://www.congress.gov/bill/118th-congress/house-bill/6307/text
[4] More information here: https://www.banking.senate.gov/newsroom/majority/scott-lummis-tillis-hagerty-release-principles-for-market-structure-legislation
[5] For example, the textbook by Staszkiewicz and Staszkiewicz describes a security as “a contract that gives rise to a financial asset of one entity and a financial liability or equity instrument of another entity” that is designed to be traded on the secondary markets.” See Staszkiewicz, Piotr and Lucia Staszkiewicz (2015) Finance: A Quantitative Introduction, Volume 1, pp.7-8.
[6] See, for example, Hogan, Thomas L. (2023) “The SEC’s Illegal War on Crypto,” AIER Daily Economy. July 14, 2023. https://www.aier.org/article/the-secs-illegal-war-on-crypto/
[7] The text of 15 US Code § 77b is available online here: https://www.law.cornell.edu/uscode/text/15/77b
[8] Shiller, Ben (2023) “SEC’s Gensler Suggests All Crypto Other Than Bitcoin Are Securities,” CoinDesk. Feb 28, 2023. https://www.coindesk.com/video/secs-gensler-suggests-all-crypto-other-than-bitcoin-are-securities/
[9] Kebin Helms (2022) “SEC Chair Gensler Affirms Bitcoin Is a Commodity — ‘That’s the Only One I’m Going to Say’” Bitcoin.com. June 27, 2022. https://news.bitcoin.com/sec-chair-gensler-bitcoin-is-a-commodity/
[10] Some securities may be a mix of off-chain legal contracts and on-chain smart contracts such as tokenized US Treasury bonds. The BlackRock product BUIDL, for example, is a tokenized security that makes payments on the blockchain, but the funds for such payments are generated by TradFi investments managed by BNY Mellon and the asset tokenization company Securitize. See Francisco Rodrigues and Krisztian Sandor (2025) “BlackRock, Securitize Expand $1.7B Tokenized Money Market Fund BUIDL to Solana,” CoinDesk. March 25, 2025. https://www.coindesk.com/markets/2025/03/25/blackrock-securitize-expand-usd1-7b-tokenized-money-market-fund-buidl-to-solana
[11] For example, Sirio Aramonte, Wenqian Huang, and Andreas Schrimpf of the Bank of International Settlements have proposed that applying TradFi regulations to DeFi would help address “issues related to financial stability, investor protection, and illicit activities.” Aramonte, Huang and Schrimpf (2021) “DeFi risks and the decentralisation illusion,” BIS Quarterly Review, December 2021. https://www.bis.org/publ/qtrpdf/r_qt2112b.htm
In addition, the SEC held an open comment period on its “proposed amendments to the definition of ‘exchange’ under Exchange Act Rule 3b-16” with a focus on “the applicability of existing rules to platforms that trade crypto asset securities, including so-called ‘DeFi’ systems.” https://www.sec.gov/newsroom/press-releases/2023-77
[12] Thomas L. Hogan and Scott Burns (2019) “Has Dodd–Frank affected bank expenses?” Journal of Regulatory Economics 55: 214–36.
[13] Thorsten Beck, Ross Levine, and Alexey Levkov (2010) “Big Bad Banks? The Winners and Losers from Bank Deregulation in the United States,” Journal of Finance 65: 1637–67.
[14] See Michael D. Bordo, Barry Eichengreen, Daniel Klingbiel and Maria Soledad Martinez-Peria (2001) “Is the Crisis Problem Growing More Severe?” Economic Policy, 16(32): 53-82.
