It is well known that insider trading—the practice of buying and selling stocks, bonds, or other securities based on material, non-public information—is unlawful. For that reason, many companies have compliance programs and policies that restrict trading by officers, directors, employees or other “insiders” with access to such information. 

What does this have to do with NFTs? NFTs are non-fungible tokens, the ownership of which are registered on a blockchain. Many NFTs represent rights to a digital image or other digital asset. Many NFTs likely do not fall within the definition of a security. Yet, some may. Some examples of where this may be the case (depending on the facts) include: (1) a set of NFTs that represent a factional interest in some asset or revenue stream (also known as fractionalization); (2) pooling of assets as a single NFT; (3) NFTs that represent a right to a revenue stream; and (4) presale of NFTs that have functionality which is not useable at the time of sale. To the extent a NFT is deemed a security, then it is likely subject to the prohibitions on insider trading that apply to securities. Most companies have policies that prohibit illegal insider trading of securities. However, even if an NFT is not a security, there are certain trading activities that may be illegal, or at least unethical. The rest of this paper will focus on NFT policies for issues other than illegal insider trading of securities.

Why is a policy recommended even if a NFT is not a security? A well-publicized incident at one of the leading NFT marketplaces exposed a high-level executive who was buying NFTs from certain NFT collections based on confidential information shortly before those collections were to be promoted on the marketplace. By purchasing the NFTs in advance, the employee would be able to sell them at a profit, as the demand and resultant value of collections so promoted typically increased. Subsequently, the executive resigned and the company received substantial negative press over the incident. Shortly thereafter, the company developed a NFT insider trading policy prohibiting such conduct. Despite the fact that it does not appear that the NFTs involved fall within the definition of a security, the executive was later indicted for charges involving wire fraud and money laundering in connection with a scheme to commit insider trading in NFTs. You can read more about the indictment here. As detailed below, there are other facts patterns where employee actions regarding NFTs could create potential issues for companies. 

Who should have an NFT trading policy? In our view, any company dealing in NFTs should consider adopting an NFT trading policy. For companies that operate marketplaces, the incident described above provides a compelling reason. However, other players in the NFT space should consider one as well. For example, brands and IP owners that license their IP for or create their own NFTs should consider one. There have been situations where individuals have engaged in wash sales or other activities to artificially manipulate the price or volume of NFT sales. Other companies that deal in NFTs or the NFT ecosystem should also consider adopting and implementing an NFT insider trading policy. 

What should the policy cover? After the incident mentioned above, many companies cloned the NFT insider trading policy that the impacted marketplace adopted. Is this sufficient? In our view, no. There are other issues that should be addressed in a more comprehensive policy. The scope and content of the policy may vary depending on the nature of your company’s business and the role it has with NFTs. For example, the policy for an NFT marketplace may be stricter and cover other topics than one for a brand that just licenses its IP for or just distributes a limited number of NFTs. While it is advisable to enlist the help of a competent attorney to craft a company-specific NFT Insider trading compliance policy, the following are some of the topics you should consider:

1. Covered Individuals: Who will the policy cover? For example, will the policy cover all employees and contractors or just those directly involved in the NFT project? Will prohibitions be extended to family members or those likely to be privy to the insider information?

2. General prohibition on use of material, non-public information (“MNPI”). Companies should consider prohibiting any covered individuals from buying, selling, trading, or otherwise engaging in NFT transactions based on MNPI. 

3. Provide guidance on use of Company Intellectual Property. Companies should also be sure to provide Covered Individuals guidance on how such individuals are allowed to exploit any Company intellectual property, if at all, and the restrictions on doing so. For example, can an employee create his or her own NFT featuring the Company logo or other company related information?

4. No Early Access: To avoid the appearance of impropriety—and the bad press that may result—companies should carefully consider prohibiting any pre-sale or allocation of NFT to insiders. This might include, for example, requiring employees to burn or decommission any NFTs minted for “testing” purposes.

5. No Illegal or Improper Activity: While this is self-explanatory, the policy should make it clear that NFT transactions cannot be used for any illegal purposes (e.g., money laundering or sanctions avoidance) or for improper purposes (e.g., wash trading to manipulate the price or trading volume of an NFT). It is possible that some employees may not know that some of these activities are illegal.

6. Training: Employees should receive proper training under the compliance policy, including their confidentiality obligations with regard to the MNPI, and to help them understand when NFTs may be securities, why certain trading activity may be illegal or improper and to understand other regulatory considerations with NFTs.

Due to the evolving business models and legal issues with NFTs, it is advisable to work with an attorney familiar with theses issues to develop a custom policy for your company and to periodically update the policy. New issues continue to emerge, new regulations will undoubtedly be passed (eventually) and new lawsuits will raise issues that may not yet be in focus.