Employees are not responsible for every legally questionable thing their company does. That said, I mean, of course a person is responsible for any crimes they may have personally committed. It doesn't matter that your company told you to do it. To believe the law would work any other way is incredibly naive. If this really is how people are thinking about ICO's, then I would strongly urge anyone with possible involvement to go consult briefly with an attorney about that involvement now. Just to better understand how things work. Because right now there is some pretty bad information floating around.
If your lawyer recommends it, then get out in front of the problem. You may even be able to reach a settlement with the SEC. (Which, needless to say, is far better than having to reach a "deal" with the DOJ.)
It is true that "employees are not responsible for every legally questionable thing their company does".
However, a person need not commit a crime personally to be held accountable. Conspiracy charges merely require that a person engaged in otherwise legal actions (e.g. coming up with a list of potential investors, working on code for a demo, etc) had known that the project may circumvent the law in any respect. The bar for prosecution for federal conspiracy charges is extremely low.
Being prosecuted for working on code for a demo feels like being prosecuted for building a kitchen because the chefs didn't wash their hands.
If the bar is if they "had known that the project may circumvent the law" then is playing dumb enough to avoid liability? I don't find it morally acceptable that engineers have to take on the legal risk of their superiors' decisions unless it's some kind of extremely blatant doomsday device.
HN User icostoss is right though. What you find morally acceptable, has no bearing on RICO statutes. RICO only requires that you knew, or should have known, what an ICO was used for. Which would probably be borne out by your electronic communications trail. It's pretty much open and shut.
But it would never get that far unless an engineer worked for an ICO that took in a lot of money, AND that engineer was dumb and decided not to try and settle with the SEC.
Hopefully, no one is that dumb.
(I suppose there is a chance that the SEC just wants to make an example of your company, so they'd refer you anyway despite your attempts at a settlement. But that would just be bad luck. Like being the guy who gets pulled over on the interstate for speeding. Sure, everyone else is doing it, but the cop is just trying to make a point.)
