Points programs feel like a safe pre-token mechanic. They aren't. Where points cross into securities territory, and why non-transferable is conservative.
"We're not doing a token, we're doing points" has become the most popular sentence in crypto, and one of the most quietly dangerous. Points can be perfectly fine. They can also be a security wearing a friendlier word. The difference is in the design, and almost nobody spells it out.
Disclosure: AncoraOak Studio is building token-adjacent structures and raises capital from accredited investors, so we have a stake in this line being drawn carefully. This is analysis of a structure, not legal advice and not a comment on any specific program.
A pattern took over the last cycle. Instead of launching a token, projects launched points. Use the product, earn points. Refer a friend, earn points. The points sit in a dashboard, they climb, and everyone understands, without anyone quite saying it, that points are probably going to matter when a token eventually arrives.
The appeal is obvious. Points feel pre-regulatory. They are "just" a loyalty score, a leaderboard number, a way to reward early users. No token sale, no offering, no securities problem. Right?
Not automatically. And the gap between "points feel safe" and "points are safe" is exactly the kind of gap that stays invisible until it very much does not. The word "points" carries no legal magic. What matters is what the points actually are, and what people reasonably expect them to become.
The relevant framework in a US context is the one that governs whether an arrangement is an investment contract, and therefore a security: the Howey test, from the 1946 Supreme Court case. Stripped down, it asks whether there is an investment of money in a common enterprise with a reasonable expectation of profit derived from the efforts of others.
The crucial feature of that test, the one that makes "we call them points" so weak as a defense, is that it looks at economic reality, not labels. Courts and regulators have said, repeatedly and across decades, that you cannot rename your way out of securities status. If the substance of the arrangement is an investment with an expectation of profit from a promoter's efforts, calling the instrument a "point," a "credit," a "reward," or a "voucher" does not change the analysis. The name is not the thing. The thing is the thing.
So the question is never "are these points or are these a token." The question is whether the points, in substance, carry an expectation of future value tied to what the project does next.
"Points" is a marketing word, not a legal category. The Howey test reads what the points do, not what you named them.
Here is where the design choices start to matter, and they matter a lot.
Consider points that are explicitly tied to a future token. The project signals, openly or through a wink everyone understands, that points will convert into tokens, and that those tokens will have value. Users are now spending money or providing value today in the expectation of a profitable payout tomorrow, a payout that depends entirely on the project's efforts to launch and support that token. That is the Howey fact pattern, almost line for line. The "point" is functioning as a claim on future value contingent on the promoter's work. Whether or not it is ultimately judged a security, it is sitting squarely in the zone where the question gets asked.
Now consider points that are transferable, or that trade on a secondary market, even informally. The moment people can buy and sell points, the points acquire a market price, and a market price reflects exactly one thing: the expectation of future value. Transferability turns a loyalty score into something that looks and behaves like a tradable instrument with a speculative price. That is a meaningful step toward the wrong side of the line.
And consider points whose value depends on the project succeeding, where holders are essentially betting on the enterprise. The more the points' eventual worth depends on the promoter delivering, and the less they reflect anything the user themselves did, the more the "efforts of others" prong is satisfied.
None of these, on their own, is an automatic verdict. Securities analysis is fact-specific and contextual. But each one moves the structure closer to the territory where a regulator could reasonably treat the points as the offer of a security that skipped the offering rules entirely.
The contrast tells you what the conservative design looks like.
Points that are non-transferable cannot acquire a secondary-market price, which removes one of the strongest signals of speculative value. A holder cannot sell the expectation to someone else, so the points stay closer to what they claim to be: a record of activity, not a tradable claim.
Points that carry no promise, explicit or implied, of conversion to a valuable token are on much firmer ground. If there is genuinely no representation that points will become money, the expectation-of-profit prong gets much harder to satisfy. The danger is rarely the formal promise. It is the implied one, the campaign that is technically silent but designed so that everyone expects the payout anyway. Substance over form cuts both ways: just as you cannot escape securities law with a label, you cannot escape it with a wink while keeping your fingers crossed.
Points that reward and reflect a user's own consumption or contribution, rather than functioning as a speculative position on the enterprise, look more like a loyalty program and less like an investment. The closer points stay to "thanks for using the product," and the further they stay from "get in early on what we're building," the safer the design.
If a structure is trying to stay clean, the non-transferable, no-promised-conversion design is the conservative path, and it is conservative for a reason. It keeps the points on the loyalty side of the line and away from the investment-contract side. It gives up some of the hype-engine power that comes from letting users speculate on a future airdrop, and that trade is the entire point. The juice you give up is exactly the juice that creates the exposure.
This is the same lesson that runs through every honest version of the on-chain capital story. The mechanics that feel most like a shortcut, free transferability, implied upside, speculative secondary markets, are usually the ones that import the legal risk. The disciplined design forgoes them on purpose, and the discipline is what lets the structure survive contact with a regulator who has read Howey and is entirely unimpressed by your choice of vocabulary.
Points can absolutely be a legitimate, useful mechanic. They are not a free pass. Draw the line yourself, deliberately, in the design, because if you do not, someone with subpoena power may draw it for you later, and they will not use your definitions.
Non-transferable, no implied payout: that's the conservative line, and it's a design choice, not an accident. For the parallel question on governance, read how DAO voting can accidentally create an unregistered security.
Read next: The legal anatomy of a venture DAO built to survive scrutiny
Nothing here is an offer to sell a security or investment advice; participation is limited to verified accredited investors via definitive documents. It is general information about legal concepts and may be wrong or out of date for your situation. Talk to your own counsel.
Field notes on venture building, AI, and capital. No spam, unsubscribe anytime.
By subscribing you agree to receive AOS Insights e-mails. We use your address only for this newsletter - see our Privacy Policy.