Bad Actor Disqualification Rules for Token Offerings

Rule 506(d), adopted alongside the JOBS Act amendments to Regulation D, disqualifies any offering under Rule 506 (both 506(b) and 506(c)) if certain “covered persons” associated with the offering have specified regulatory or criminal histories — known as “disqualifying events.” For security token issuers, bad actor diligence is a non-negotiable prerequisite to launching any Reg D offering, and the unique ecosystem of blockchain projects — with founders, advisors, and promoters who may have prior involvement in SEC enforcement actions or failed crypto ventures — makes the diligence process particularly important. The SEC brought 125 cryptocurrency-related enforcement actions between 2021 and 2024 according to Cornerstone Research, generating $6.05 billion in penalties. Even under the Atkins administration’s reduced enforcement pace (13 actions in 2025, a 60% decline), fraud cases like the December 2025 Morocoin action demonstrate that bad actor screening remains essential — individuals with prior SEC enforcement histories, consent orders, or criminal convictions connected to crypto ventures are disqualified from participating in Reg D offerings.

Covered Persons

Rule 506(d) applies to “covered persons” — a defined category that encompasses everyone with significant influence over the offering:

1. The issuer and any predecessor or affiliated issuer.
2. Directors, executive officers, or other officers of the issuer participating in the offering.
3. General partners or managing members of the issuer.
4. 20% beneficial owners — any person who holds 20% or more of the issuer’s outstanding voting equity securities, calculated on the basis of voting power.
5. Promoters connected with the issuer in any capacity at the time of the sale.
6. Investment managers and principals of pooled investment fund issuers.
7. Compensated solicitors — any broker-dealer or other person who receives compensation for soliciting investors, and any director, executive officer, or general partner of such solicitor.

For security token projects, the “promoter” and “compensated solicitor” categories are particularly broad. Token advisors who receive token allocations or consulting fees for introducing investors may qualify as compensated solicitors. Community managers, influencers, and referral partners who receive compensation for investor introductions may also fall within the covered person definition.

Disqualifying Events

The following events, if involving a covered person, disqualify a Rule 506 offering:

Criminal convictions. Any felony or misdemeanor conviction in connection with the purchase or sale of a security, involving the making of a false filing with the SEC, or arising out of the conduct of certain financial intermediaries. Lookback period: 10 years for felonies, 5 years for misdemeanors (from the date of conviction).

Court injunctions and restraining orders. Final orders, judgments, or decrees of any court of competent jurisdiction temporarily or permanently restraining a person from engaging in securities-related activities. Lookback period: 5 years.

Final SEC disciplinary orders. Orders of the SEC suspending or revoking registration as a broker-dealer, investment adviser, transfer agent, or municipal securities dealer; or placing limitations on activities, functions, or operations of such persons. No lookback period — these are permanent disqualifiers unless the SEC grants a waiver.

SEC cease-and-desist orders. Final cease-and-desist orders relating to violations of scienter-based anti-fraud provisions (Section 17(a)(1) of the Securities Act, Section 10(b) of the Exchange Act) or Section 5 registration violations. Lookback period: 5 years.

SRO disciplinary orders. Final orders from self-regulatory organizations like FINRA that suspend, expel, or bar a person from membership or association. No lookback period for permanent bars.

SEC stop orders and Regulation A suspensions. Orders suspending a registration statement or Reg A exemption. Lookback period: 5 years.

U.S. Postal Service false representation orders. Lookback period: 5 years.

The Reasonable Care Exception

If a disqualifying event exists but the issuer did not know, and could not have known with reasonable care, that a covered person had a disqualifying event, the offering is not disqualified. This “reasonable care” exception makes the diligence process itself the critical compliance safeguard — an issuer that conducts thorough bad actor screening before launching the offering can rely on the exception if an undisclosed disqualifying event is later discovered.

What constitutes “reasonable care”? The SEC has not provided a bright-line test, but industry practice and SEC staff guidance indicate that reasonable care includes:

• Factual inquiry with each covered person, typically through a questionnaire asking about criminal convictions, regulatory actions, and disciplinary proceedings.
• Independent verification through publicly available databases — SEC EDGAR (for SEC orders), FINRA BrokerCheck (for FINRA disciplinary actions), and PACER (for federal court records).
• Legal background checks through third-party services for key covered persons (founders, directors, significant equity holders).

Token-Specific Diligence Challenges

Security token offerings present unique bad actor diligence challenges:

Large advisory networks. Many token projects have extensive advisor networks — 10-30 advisors is common — who may receive token allocations as compensation. Each compensated advisor is potentially a covered person whose history must be screened. The administrative burden of screening large advisory networks is significant.

Pseudonymous participants. Blockchain projects sometimes involve participants known only by pseudonyms. Covered persons must be identified by legal name for effective background screening. Issuers should require legal name disclosure from all compensated participants before launching the offering.

Prior crypto enforcement exposure. The ICO enforcement wave of 2017-2020 resulted in SEC actions against hundreds of individuals and entities. Founders and advisors who were involved in prior token projects may have undisclosed SEC cease-and-desist orders or FINRA sanctions that trigger disqualification. The overlap between the current security token ecosystem and the prior ICO ecosystem makes this screening particularly important.

International participants. Token projects with international teams must screen covered persons in jurisdictions where background check databases may be limited. Foreign criminal convictions may trigger disqualification under the “felony or misdemeanor” category if the underlying conduct would constitute a covered offense under U.S. law.

Disclosure Obligation for Pre-Existing Events

Rule 506(e) provides a carve-out for disqualifying events that occurred before September 23, 2013 (the effective date of the bad actor rules). These “pre-existing” events do not disqualify the offering but must be disclosed to investors in writing a reasonable time before the sale of securities.

For token issuers, this means that even pre-2013 regulatory actions must be identified through the diligence process and disclosed. Failure to disclose a pre-existing event does not technically disqualify the offering, but it creates an antifraud risk — investors may claim they would not have invested had they known about the covered person’s regulatory history.

SEC Waivers

The SEC may grant waivers from disqualification upon a showing of good cause. Waivers are typically sought by large institutions (banks, broker-dealers) that settle SEC enforcement actions and need continued access to the Rule 506 market. The waiver process is case-specific and involves demonstrating that the disqualifying event does not reflect on the integrity of the current offering.

For security token issuers, waiver applications are rare — it is generally more practical to remove the disqualifying covered person from the offering than to seek a waiver. If a director, advisor, or promoter has a disqualifying event, the simplest compliance path is to terminate their involvement before launching the offering.

Practical Compliance Checklist

1. Identify all covered persons — directors, officers, 20% holders, promoters, and compensated solicitors.
2. Distribute a bad actor questionnaire to each covered person.
3. Screen covered persons against SEC EDGAR, FINRA BrokerCheck, and court records.
4. For any identified events, determine whether they fall within the lookback period.
5. For pre-2013 events, prepare investor disclosure documents.
6. For current disqualifying events, either remove the covered person or seek an SEC waiver.
7. Document the entire diligence process — the reasonable care exception depends on demonstrable effort.
8. Repeat screening for any new covered persons added during the offering (new advisors, new directors, new compensated solicitors).

Bad Actor Issues Specific to Digital Asset Offerings

The blockchain industry’s history of regulatory enforcement creates heightened bad actor risk for token offerings:

Prior ICO involvement. Individuals who participated in unregistered ICOs between 2017-2020 — a period when the ICO enforcement wave resulted in numerous SEC actions — may carry disqualifying events. The eight-year lookback period means events from 2018 remain relevant through 2026.

Wells Notice recipients. A Wells Notice (notification that SEC staff intends to recommend enforcement action) is not itself a disqualifying event. However, the subsequent enforcement order, cease-and-desist order, or court injunction that may result would be disqualifying.

International enforcement. The SEC recognizes foreign regulatory orders as potential disqualifying events for covered persons subject to foreign jurisdiction. For token offerings with international team members or advisors, screening must include foreign regulatory history.

DAO participants. For tokenized projects with DAO governance, the question of whether DAO governors constitute “covered persons” under Rule 506(d) remains unsettled. Conservative practice treats significant DAO governance participants as analogous to directors or officers, requiring bad actor screening.

Ongoing Monitoring Obligations

Bad actor screening is not a one-time obligation. Issuers conducting ongoing offerings must monitor covered persons throughout the offering period:

New covered persons. When a new director, officer, advisor, or compensated solicitor joins the offering after its commencement, the issuer must screen the new covered person before they participate. Token projects with rolling advisory boards or evolving marketing partnerships must implement onboarding procedures that include bad actor questionnaires and background screening before any compensation is paid or role is assumed.

Status changes for existing covered persons. If an existing covered person becomes subject to a disqualifying event during the offering (e.g., an SEC cease-and-desist order is entered, a FINRA disciplinary action is finalized), the issuer must address the disqualification — typically by removing the person from their covered role. Issuers should require covered persons to notify the issuer promptly of any regulatory proceedings that could result in a disqualifying event.

Annual re-screening. While not explicitly required by Rule 506(d), many securities attorneys recommend annual re-screening of all covered persons for offerings that remain open for more than 12 months. This aligns with the Form D annual amendment timeline and provides a regular compliance touchpoint.

Platform-Level Bad Actor Screening

Security token platforms have developed infrastructure to manage bad actor screening at scale:

Securitize integrates bad actor screening into its issuer onboarding workflow, requiring all covered persons to complete questionnaires and consent to background checks before the platform will process a token offering. The platform maintains a centralized record of screening results that is accessible to the issuer and its counsel.

Third-party compliance services. Specialized compliance firms offer automated bad actor screening services that cross-reference covered person information against SEC EDGAR enforcement actions, FINRA BrokerCheck records, state securities regulator databases, and federal court records. These services typically cost $100-500 per covered person and provide results within 3-5 business days.

Cross-offering compliance. For platforms hosting multiple concurrent offerings, bad actor screening results for covered persons who participate in multiple offerings (e.g., a broker-dealer that distributes tokens for several issuers) can be reused within a reasonable timeframe, reducing redundant screening costs while maintaining compliance.

Bad Actor Rules and Token Offering Economics

The bad actor diligence process has a measurable impact on token offering economics. For a typical security token offering with 15-25 covered persons (founders, directors, advisors, and compensated solicitors), the screening process costs $5,000-$15,000 and requires 2-4 weeks to complete. This cost is modest relative to total offering expenses of $250,000-$1 million but represents a hard prerequisite that cannot be deferred — launching a Reg D offering without completing bad actor screening creates exemption risk for the entire offering.

Enforcement Context and Bad Actor Overlap

The SEC’s enforcement history creates a significant overlap between bad actor disqualification and the security token ecosystem. Between 2021 and 2024, the SEC brought 125 cryptocurrency-related enforcement actions generating $6.05 billion in penalties, and the resulting cease-and-desist orders and court injunctions from these cases feed directly into the Rule 506(d) disqualifying events database. Even as enforcement pace declined 60% in 2025 under Chairman Atkins’ Crypto Task Force engagement-first approach, the existing pipeline of disqualifying events from prior enforcement cycles remains active through their lookback periods. Platforms like tZERO, INX (acquired by Republic for $60 million in April 2025), and Securitize have integrated automated bad actor screening into their issuer onboarding workflows, cross-referencing covered person identities against SEC EDGAR enforcement databases and FINRA BrokerCheck records in real time.

For the Reg D 506(c) framework that requires bad actor compliance, see our guide. For accredited investor verification methods that accompany bad actor screening, see our practical guide. For Form D filing requirements, see our compliance guide. For broker-dealer disqualification rules that parallel bad actor provisions, see our guide. For enforcement actions that may create disqualifying events, see our tracker. For the SEC’s official bad actor rules, see SEC Rule 506(d) Disqualification.