October 31, 2019. Halloween. I was dressed as an SEC enforcement officer.

My lawyer calls with the best news of my life: “The SEC is closing the investigation. No enforcement action. And Mason — they want you to know they were complimentary of you.”

It was proof that every bit of concern, every dollar spent on our high-end, fancy office lawyers at DLA Piper was absolutely worth it.


Why They Came

In 2017, Tokensoft was arguably the only company helping founders issue tokens legally in the United States.

This created an odd situation. The SEC was watching a market full of projects raising hundreds of millions with no disclosure, no investor protections, and no compliance infrastructure. We were the company building that infrastructure. Which meant we were also the company they could find.

The investigation opened in 2017. Before we launched, I had retained Andrew Ledbetter at DLA Piper — a former SEC attorney — to review every screen, every contract, every word on the website. We knew exactly where the lines were. We knew the grey areas, and we had those addressed in our template master services agreement.

What we built wasn’t an accident. It was deliberate.


The Hallmarks

At the time, most founders were guided to take the risk. The legal consensus was vague. Token sales were everywhere. The argument was that if everyone was doing it, enforcement would be selective and slow.

We disagreed.

The SEC has well-established hallmarks of illegal broker-dealer activity. Three things trigger it: taking a percentage of the transaction, promoting securities to investors, and soliciting investors. We structured Tokensoft to avoid all three.

Flat fees. Not transaction percentages. We never took a cut of a raise.

No promotion. We didn’t market our clients’ tokens. We built infrastructure. The client promoted their own project. We processed the compliance.

No solicitation. We didn’t find investors for our clients. We built the software that processed investors the clients already had.

When the SEC investigated us, what they found was a software company that had studied the securities laws more closely than they had.


The Tezos Lesson

While our own investigation was running, we were watching what happened to founders who hadn’t thought any of this through.

Tezos raised $232 million in 2017. The legal and investor disputes that followed cost far more than any compliance infrastructure would have. We eventually helped Tezos with retroactive compliance — running 34,000 investors through a PwC audit process to verify eligibility after the fact.

Retroactive compliance is brutal. It’s expensive, slow, and uncertain. Proactive compliance is fast and cheap by comparison. You know the rules before you start, you build to them, and you don’t spend the next two years explaining yourself to regulators and plaintiffs simultaneously.

The founders who called us before the problems started had an easier time. Over a hundred tokens launched, a million investors processed, and no SEC enforcement actions.


44 Montgomery

People ask me why I moved Tokensoft into 44 Montgomery Street in San Francisco’s Financial District.

Part of it was the address — the Financial District is where you belong if you’re building financial infrastructure. Part of it was something more deliberate.

The SEC’s San Francisco field office was on floor 28. We took floor 38.

We wanted to be near the regulators. Not to avoid them — to build relationships with them. The SEC had a “DLT Research Group” at the time, working to understand blockchain technology from the inside. We briefed them. We explained how the technology worked, what the compliance architecture looked like, what distinguishes a software company from a broker-dealer.

You can be adversarial with regulators or you can educate them. I chose to educate.

When the investigation closed in 2019, the message from three SEC divisions was the same: they were complimentary of Tokensoft’s cooperation and compliance practices. They were comfortable with how we had built the company.


What I Learned

Four things I’d tell anyone building at the intersection of crypto and compliance:

Be conservative when uncertain. When the rules are unclear, structure as if the most restrictive interpretation applies. You can always relax later. You cannot always unwind a mistake.

Know the regulatory landscape before you build. This is not optional. Retain counsel that knows the specific space. Generic startup lawyers are not enough. Get someone who has worked inside the agency you’ll eventually interact with.

Build relationships with regulators before you need them. The DLT Research Group wasn’t trying to shut us down. They were trying to understand the technology. Engaging with that group, briefing them, treating them as informed parties rather than enemies — that mattered when the investigation came.

Cooperation is a strategy, not a concession. The investigation lasted two years. At no point did we treat it as an adversarial proceeding. We answered questions. We provided documents. We explained our architecture. The outcome was no enforcement action and explicit recognition of our compliance practices.

Build the right way from day one. The cost is modest. The downside of not doing it is everything.


Originally published on The Masonic. Subscribe for occasional writing on tokenization, compliance, and what’s actually happening at the frontier of financial technology.