Initial coin offerings, or ICOs, are like a fine meal. There’s the round of appetizers that get everyone hungry, eager to taste the chef’s main dish. After the plates are cleared, here comes the entrees, each one cooked to perfection. Finally the meal is concluded with homemade dessert and freshly brewed coffee. Everything is splendid—except perhaps, the vegetables. They are a necessity in the meal, and a key part of healthy eating, but don’t have the same instant appeal as the unhealthier choices.

And what is the “vegetable” portion of an ICO? Without a doubt, the legal side. No one really likes compliance or regulations; but they are a necessary evil to keep things in check, and must be followed to maintain the health of your company overall.

Because of this, ICO teams should be ready to face an onslaught of regulatory questioning, even if the majority aren’t required to register with local governments… yet.

As a point of departure, here are three simple questions your ICO’s legal team should be ready to answer:

Is Your Token a Security or Not?

This question is by far and away the most important. Everyone in the blockchain industry remembers the SEC’s July 2017 ruling on The DAO, labeling DAO tokens as securities and therefore required to be registered under the Securities Act of 1933 and the Securities Exchange Act of 1934. As a result, the SEC has also released several bulletins on their website related to ICOs, Bitcoin and other cryptocurrencies, and warnings on cryptocurrency related ponzi schemes.

The amount of time and attention the SEC is putting into understanding blockchain technology, ICOs, and digital currencies should serve as a wake-up call for blockchain startups. This is crucial for ICO legal teams to understand, because an ICO could be shut down by the SEC. Further, the results of having to register tokens as securities would be disastrous for a blockchain company whose holy grail is decentralization and freedom from government control. An SEC regulated ICO is just like a traditional IPO.

One option legal teams have is to use the “SAFT” method, a way of avoiding SEC regulation. The method essentially revolves around the Howey case, specifically the requirement about a security’s profits having to result solely from the efforts of others. Legal teams should focus on their token’s utilitarian function on their platforms, thereby involving investors’ efforts directly. Because investors themselves are using the tokens in a practical manner, they likely won’t qualify as securities.

How are Investors Protected?

This second question relates to the first, but from another perspective. ICO legal teams need to be ready to answer how investors are protected when participating in their ICOs. What if the ICO fails to meet its fundraising goals? What happens to investor money that has already been accepted? Are investors refunded? These are just some of the many questions regulatory bodies can ask your ICO’s legal team.

In additional to checking SEC bulletins, the legal team should also be aware of FINRA’s (Financial Industry Regulatory Authority) take on various blockchain issues. As a third party regulator of the financial industry, FINRA can also take action against ICOs and their teams. If legal teams put the investors’ interests first, they should have few problems if interviewed and questioned by regulatory bodies.

Has Your Token and Platform Already Been Invented?

Finally, legal teams need to do their research and make sure they aren’t creating a copycat ICO. Among the many forms of ICO scams, copycat ICOs are particularly dangerous for startup teams because there is an additional body that can take legal action—the company whose token or platform was copied. In this scenario, a copycat ICO can face action from three parties—a governing authority, individuals, and the company whose product(s) were stolen. This represents a potential 50% increase in liability. Due diligence can make sure this nightmare scenario doesn’t happen.