The company operated a website called coinschedule.com. According to the SEC, it was accessible from within the USA from 2016 to 2019 and, during that time, visitors to the site from the USA "comprised a significant portion of its web traffic."

Of itself, there is little to complain about, even if the material was paid-for publicity although the SEC does say that where such publicity for regulated investments is paid for, that fact must be disclosed. That's why all those pump and dump spam-scam e-mails you get have a piece at the bottom that says "we have been compensated for this marketing campaign" and some insanely large number of shares in a near-worthless company is mentioned.

However, where coinschedule.com went beyond the acceptable was in making recommendations.

"Visitors to Coinschedule.com were presented with details about each profiled digital token offering in so-called “listing” profiles, which also included links to the token issuers’ own websites and a “trust score” that Coinschedule claimed reflected its evaluation of the “credibility” and “operational risk” for each digital token offering based on a “proprietary algorithm.” That's what the SEC says is wrong.

We just see the expression "proprietary algorithm" and the warning signs are raised to full mast.

Coinschedule fell into a regulatory gap which, perhaps inadvertently, the SEC has re-established. It says "Coinschedule.com published many of the profiles after the SEC issued its DAO Report in 2017 warning that coins sold in ICOs may be securities and that those who offer and sell securities in the U.S. must comply with federal securities laws, and also after the SEC’s Division of Enforcement and Division of Examinations advised that, in accordance with the anti-touting provisions of the federal securities laws, those who promote a virtual token or coin that is a security must disclose the nature, scope, and amount of compensation received in exchange for the promotion."

Note "may be securities." That means that they may not be. The SEC found a fence and sat on it.

Biotics has entered into an agreement with the SEC: it will "cease and desist from committing or causing" any future breaches of the anti-touting provisions of US Federal Securities Laws. It has agreed to surrender USD43,000 in fees it received and to pay a penalty of USD154,434.

There is one more wrinkle: there was a company called Coinschedule Limited. It was dissolved and Blotics Limited is its successor, says the SEC without explaining whether the issues arose before Blotics was formed, whether Blotics actually performed any of the actions complained of and exactly why this problem ended up on Blotics' doorstep.

One thing is not explained: exactly how does the USA's SEC have jurisdiction over this UK company?

If it is based on the fact of US dollars being used, then we can see that - but only if a crime was committed and, on the face of the information available, there has been no actual crime committed in the USA (unless a crime doesn't require a conviction. Also, the SEC does not prosecute criminal conduct - its actions are civil actions).

If it's based on the assumption that conduct overseas is liable to action in the USA, then that opens a massive can of worms as to cross-border liability for action on the internet.

In the 1990s, one of the debates was this: do we prosecute where the perpetrator sits, at the location of the server or where the victim sits? This case might provide at least a hint.

It's pretty clear that this was not a pump and dump scam although some of the tools used were those used by fraudsters. It's also pretty clear that the UK company was not engaged in a fraud, per se. The alleged fraud arises from the breach of technical US rules and the failure to include a caveat / disclaimer / form notice in the terms required by the SEC for visitors from the USA.

The next point, then, is whether this case implies a need for websites to place such notices as are required by every country in which the site is accessible.

That flies in the face of both freedom of the internet and the principle of caveat emptor.

It's an interesting question; the answer may be complex and expensive.

Where, for example, would such a notice have to be? Can it be site-wide referenced from a footer that appears on every page or does the notice have to appear on every page? Does it have to be in a terms and conditions that all users must accept as a pre-condition of entry? If so that requires identification and persistent cookies and the data protection problems that brings.

In the Blotics case, the company gave a rating but then it simply referred enquiries via a link. Is an Amazon-group style "we earn a commission" statement enough?

This case raises more questions than it answers.

-----------
Further reading: https://www.sec.gov/litigation...