On April 10, 2025, the U.S. Securities and Exchange Commission's Division of Corporation Finance (CorpFin) released a detailed statement outlining disclosure expectations for offerings and registrations of securities in the crypto asset markets. While the framework is thorough, well-organized, and undeniably helpful to lawyers and compliance professionals, it suffers from a familiar and recurring issue in the Commission's approach to crypto: it does not say who the rules apply to.
As a guy who remembers trying to give client's advice in 2018 by hanging on every word from SEC statements and speeches… this feels similar. Most of us probably remembers the Hinman speeches. Are we replacing regulation by enforcement with regulation by ambiguity… again?
The statement spans everything from business model disclosures to network architecture, token supply, smart contract audits, and technical specifications. It also covers risk factors, management structure, and financial reporting obligations under Regulation S-K and forms such as S-1, 1-A, and 20-F. It is, in short, a substantive and thoughtful roadmap for how crypto-related issuers should think about disclosure.
But it raises a core question left unanswered: When and under what conditions is this framework triggered?
This omission reflects a deeper structural flaw in the SEC's approach to crypto. It wants to educate without committing. It offers examples without articulating enforcement boundaries. And it outlines disclosure protocols without stating clearly whether—or when—a particular token offering, network deployment, or platform listing gives rise to registration obligations.
This hesitancy risks undermining the very clarity the Commission claims to pursue.
From our perspective, the answer is straightforward:
- If a company is selling a token to the public—whether through a token generation event (TGE), exchange listing, or some other distribution model—it should be required to make appropriate, material disclosures about that token. If an exchange or platform is facilitating public trades of crypto assets, it should likewise be responsible for ensuring that appropriate disclosures exist and are available to its users.
- This principle isn't controversial. It aligns with Howey, with existing securities laws, and with basic investor protection norms. Most compliant digital asset exchanges already conduct a legal analysis before listing tokens. Most sophisticated issuers prepare documentation—whether white papers or private placement memos—before fundraising. What is missing is a regulatory floor that turns these best practices into obligations and ensures that bad actors can't exploit the absence of bright lines.
- The new CorpFin statement also reinforces an uncomfortable dynamic for market participants: we're still operating in an era of staff views, frameworks, and nonbinding guidance, rather than formal rules or settled case law. The speech-to-enforcement pipeline that has defined crypto policy since the Hinman era remains alive and well, and this latest publication does little to change that.
To be clear, we applaud the technical depth of the April 10 guidance. But disclosure frameworks that lack clearly articulated triggers invite inconsistency and leave room for selective enforcement. In our view, the SEC should state plainly:
- What kind of token offerings require disclosure?
- What entities are responsible for producing those disclosures?
- When must those disclosures be made?
The market doesn't need less regulation or more regulation. It needs predictable, enforceable rules.
The current SEC has an opportunity to step up and provide that structure. If it does, it will earn the market's trust. If it doesn't, it may only reinforce the perception that U.S. crypto policy remains trapped in a loop—one where guidance is published, ignored, and then replaced again with more guidance.
It's time to end that cycle.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
