Is a Crypto Token a Security? The Howey Test and SEC Enforcement

US crypto regulation has been driven less by new laws than by SEC enforcement applying decades-old securities rules to digital assets. The central question — is a given token a security? — turns on the Howey test, and the answer determines a token’s entire regulatory treatment. This guide explains the securities test, how enforcement has shaped the market, and what businesses must understand about the US approach.

What is the Howey test?

The Howey test is a four-part standard from a 1946 US Supreme Court case used to determine whether an arrangement is an investment contract, and therefore a security. It asks whether there is an investment of money, in a common enterprise, with a reasonable expectation of profit, derived from the efforts of others.

Although it predates crypto by decades, the Howey test is the primary lens US regulators apply to tokens. If all four elements are present, the asset is likely a security subject to securities law. The test’s flexibility is both its strength and the source of crypto’s uncertainty: applying a 1946 framework to novel digital assets requires judgment, and reasonable parties often disagree about whether a given token meets the criteria, particularly the fourth element about reliance on others’ efforts.

How is the Howey test applied to crypto tokens?

Regulators apply the Howey test by examining how a token was sold and marketed and whether buyers reasonably expect profit from the efforts of a central team. Tokens sold to fund a project whose success depends on that team’s work are more likely deemed securities; sufficiently decentralized tokens may not be.

The fourth element — profit from others’ efforts — is usually decisive for crypto. A token sold by a company to fund development, where buyers rely on that company to build value, looks like a security. By contrast, a token for a network so decentralized that no central party drives its value may fall outside the definition, an argument made about the most established cryptocurrencies. The marketing matters too: promising returns pushes a token toward security status. This analysis connects to the tokenomics and decentralization factors covered in our tokenomics guide.

Why does the securities classification matter?

The securities classification matters because it determines the entire regulatory burden on a token. A security must be registered or qualify for an exemption, comes with disclosure and conduct obligations, and can only be traded on regulated venues. Issuing or trading an unregistered security exposes a business to enforcement.

The consequences of being deemed a security are far-reaching. The issuer faces registration and ongoing disclosure requirements designed for traditional securities, which many crypto projects are not structured to meet. Trading platforms listing the token may need to register as securities exchanges. Failure to comply can trigger enforcement actions, financial penalties, and orders to rescind sales. This is why the classification question is existential for many projects, and why the uncertainty around it has been the central complaint of the US crypto industry.

How has enforcement shaped the US crypto market?

US crypto regulation has been driven primarily by enforcement actions rather than legislation. Regulators have pursued projects and platforms for offering unregistered securities, settling or litigating case by case, which has shaped market behavior without producing comprehensive, clear rules.

This enforcement-led approach, sometimes called “regulation by enforcement,” has been the defining feature and chief criticism of US crypto regulation. Rather than a clear rulebook like MiCA, the US developed its de facto rules through individual cases, leaving businesses to infer the boundaries from settlements and court decisions. This created persistent uncertainty: a project could not always know in advance whether its token would be deemed a security. The contrast with the EU’s comprehensive approach, covered in our MiCA guide, has been stark, though legislative efforts have aimed to provide more clarity.

What is the debate over crypto regulatory clarity?

The debate centers on whether existing securities law adequately covers crypto or whether new, tailored legislation is needed. The industry argues that applying a 1946 test creates uncertainty that stifles innovation, while some regulators contend existing law is sufficient and clear enough.

On one side, the industry and many legislators argue that crypto’s novelty demands purpose-built rules providing clear categories and a workable path to compliance, rather than forcing tokens through a framework designed for stocks and bonds. On the other, some regulators maintain that the Howey test is flexible enough to cover crypto and that most tokens are securities under existing law. This tension has driven legislative proposals aiming to clarify which assets are securities, which are commodities, and who regulates them — a resolution that would significantly affect the landscape described in our global landscape guide.

How should a business approach US securities risk?

A business approaches US securities risk by obtaining securities-law advice before issuing or listing a token, analyzing the token against the Howey test honestly, structuring offerings to fit registration or exemptions where applicable, and being conservative in marketing. The cost of getting this wrong far exceeds the cost of advice.

Given the stakes and the uncertainty, the prudent path is rigorous legal analysis from the outset. This means honestly assessing whether a token meets the Howey criteria rather than assuming a favorable answer, structuring any offering to comply with registration requirements or fit a recognized exemption, and avoiding marketing that emphasizes investment returns. Businesses serving US customers must also consider whether their platform activities implicate securities-exchange or broker rules. This conservative, advice-led posture is the same one our crypto finance hub recommends for every regulatory question, because enforcement consequences are severe and difficult to reverse.

What is the difference between a security and a commodity in crypto?

In the US, a crypto asset deemed a security falls under securities regulation with registration and disclosure duties, while one deemed a commodity falls under a different regulator with a lighter framework. The classification determines which agency has authority and what rules apply.

The security-versus-commodity distinction is central to US crypto regulation. Securities trigger the full registration and disclosure regime and one regulator’s authority; commodities fall under a different regulator with a framework focused more on market integrity than issuer disclosure. Bitcoin has generally been treated as a commodity, while many tokens sold to fund projects are viewed as securities. The boundary is contested, and clarifying it has been a central goal of proposed legislation, as our global landscape guide notes, because it determines the entire regulatory treatment of an asset.

How do other countries classify crypto assets?

Other jurisdictions use their own classification systems, often differing from the US securities analysis. The EU’s MiCA, for example, sorts tokens into e-money tokens, asset-referenced tokens, and other crypto-assets, a categorical approach distinct from the case-by-case Howey analysis.

Classification is not globally uniform. Where the US asks whether a token is a security via the Howey test, the EU applies MiCA’s categorical scheme, and other jurisdictions use their own definitions. This means the same token can be classified differently depending on the country, with different obligations attaching in each. For internationally active businesses, this divergence compounds the complexity, requiring analysis under each relevant jurisdiction’s framework, as detailed in our MiCA guide and global landscape guide.

How can a token offering reduce securities risk?

A token offering can reduce securities risk by structuring sales to comply with registration or fit a recognized exemption, avoiding profit-focused marketing, ensuring genuine utility and decentralization where claimed, and obtaining securities-law advice before launching. Structure and substance both matter.

Reducing securities risk requires aligning both the legal structure and the economic reality of an offering. Using compliant offering structures or qualifying exemptions addresses the registration requirement. Marketing the token for its function rather than its profit potential weakens the expectation-of-profit element. Building genuine decentralization and utility, rather than reliance on a central team, can weaken the efforts-of-others element over time. None of this is a guarantee, and all of it requires expert legal guidance, but a thoughtfully structured offering carries far less risk than one that ignores the analysis, the prudent posture our crypto finance hub recommends throughout.

What does evolving legislation mean for the securities question?

Proposed and emerging legislation aims to clarify which crypto assets are securities, which are commodities, and how each is regulated. If enacted, such laws would reduce the uncertainty of the enforcement-led era, giving businesses clearer categories and a defined path to compliance.

The central criticism of applying a 1946 test to crypto has driven legislative efforts to create purpose-built categories and assign clear regulatory authority. Such legislation could define when a token is a security versus a commodity, establish disclosure regimes suited to crypto, and reduce the reliance on case-by-case enforcement that has frustrated the industry. The outcome would significantly affect the landscape, potentially moving the jurisdiction toward the comprehensive-framework model exemplified by MiCA, as our global landscape guide discusses. Until then, businesses must operate under the existing, uncertain framework with careful legal guidance.

Frequently Asked Questions