CFTC settles enforcement actions with three DeFi protocols over CEA and anti-money laundering violations
Enforcement signals increased CFTC interest in decentralized finance applications and DeFi protocols offering commodifies products to U.S. users
The commission indicates that decentralization is not a defense when determining control and assigning liability for protocol violations
The Commodity Futures Trading Commission (CFTC) recently announced its continued enforcement focus in digital asset decentralized finance (DeFi) by issuing orders settling charges against three DeFi protocol operators.
According to the CFTC, protocol operators were charged with failing to register as a swap execution facility (SEF) or a designated contract market (DCM), failing to register as a futures commission merchant (FCM), and illegally offering leveraged and margined retail commodity transactions in digital assets. Additionally, the protocol operators were also charged with failing to adopt certain customer identification and anti-money laundering programs.
In describing the application of CFTC rules, regulations, and registration requirements to decentralized finance, Director of Enforcement Ian McGinley, noted, “Somewhere along the way, DeFi operators got the idea that unlawful transactions become lawful when facilitated by smart contracts. They do not.” Director McGinley went on to note that, “The DeFi space may be novel, complex, and evolving, but the Division of Enforcement will continue to evolve with it and aggressively pursue those who operate unregistered platforms that allow U.S. persons to trade digital asset derivatives.”
Failure to Block U.S. Users From Protocol Access
The order found that certain protocols failed to exclude U.S. persons from accessing the protocol operators’ services and, as a result, they offered regulated products to retail customers without necessary registrations and licensure. In short, the CFTC found that these programmatic decentralized protocols “operate unregistered platforms that allow U.S. persons to trade digital asset derivatives.”
Violation of the CEA
In all three settlements, the CFTC found that the protocols violated Section 4(a) of the Commodity Exchange Act (CEA). The protocols were found to have offered leveraged or margined contracts in digital asset commodities requiring the platforms to register with the CFTC. The Commission found that the platforms offered products that did not result in actual delivery in 28 days, were offered to retail market participants – to persons that were not eligible contract participants or eligible commercial entities – and were not otherwise exempted from registration.
Decentralized Protocols and Control
Of note, and following a similar argument to the CFTC’s January 2023 Ooki DAO action, the Commission found it sufficient that the protocol operators “developed and deployed a blockchain-based digital asset protocol” in which they had some level of operational control or benefit. It would appear from these cases that providers offering trading and contracts in digital assets and derivative tokens on decentralized or autonomous protocols can face liability under the CEA even if they are not engaged in active management and do not have brick-and-mortar U.S. operations.
The Commission seems to be taking the position that decentralized platform developers cannot avoid the registration and compliance requirements of the CEA, and CFTC regulatory obligations generally, by “decentralizing” or automating their platforms, contracts, or software, if they retain some level of control, protocol maintenance, economic benefit, and/or fee structuring. In short, where each operator retained some degree of control or benefit, the CFTC found it to be enough to warrant liability for violations of the CEA that their protocols effectuated.
Commissioner Summer K. Mersinger published a Dissenting Statement on the action, highlighting the complexity and issues associated with regulating decentralized exchanges. Noting that the Commission had yet to address precisely how DeFi protocols can comply with existing regulations, Commissioner Mersinger went on to comment that, “the Commission’s Orders in these cases give no indication that customer funds have been misappropriated or that any market participants have been victimized by the DeFi protocols on which the Commission has unleashed its enforcement powers.”
Commissioner Mersinger also noted that the commission has yet to provide fulsome comment on:
- How a DeFi protocol might register with the Commission and comply with the CEA
- How might an entity that the Commission finds requiring dual licensure, in light of recent CFTC comments surrounding affiliate compliance, properly be required to register as both a DCM/SEF and an FCM?
- How does the Commission plan to handle enforcing registration and compliance requirements for complex technological solutions that may provide, in the same technological system, but regulated and unregulated services and products?
- What if a DeFi protocol is developed for lawful purposes but is used for purposes that violate the CEA? Should the developer be held liable for a protocol providing access to regulated products not designed by the protocol’s offeror?
Commissioner Mersinger closed her dissent with a Maslowian note, “We at the CFTC are fortunate to have more than one ‘tool’ to use in our oversight of the markets. I am concerned, however, that as it relates to DeFi innovation, if we continue swinging our enforcement ‘hammer’ as if every DeFi project were a nail, we are neglecting the other tools in our toolbox that can enable us to achieve the diverse objectives that Congress tasked to us in the CEA.”
The CFTC seems to be taking a broad but targeted interpretation on the CEA and its application to decentralized protocols and software systems. It seems clear that increased and continued enforcement by the Commission in the digital asset market is ongoing, including in the case of decentralized mechanisms, platforms, and DeFi generally, reflecting recent comments by Director McGinley that it is his intent “for DeFi to be a significant and continuing focus for the Division of Enforcement.”
It is unclear what factors, operations, and products in the DeFi context will trigger licensure or compliance (or exemption therefrom). Developers, technology providers, and retail market participants may necessarily be required to pay particular care to the products and protocols they find themselves using and deploying in light of the current regulatory environment.
To obtain more information, please contact the Barnes & Thornburg attorney with whom you work or Trace Schmeltz at 312-214-4830 or email@example.com or Katie Mills at 310-284-3820 or firstname.lastname@example.org.
© 2023 Barnes & Thornburg LLP. All Rights Reserved. This page, and all information on it, is proprietary and the property of Barnes & Thornburg LLP. It may not be reproduced, in any form, without the express written consent of Barnes & Thornburg LLP.
This Barnes & Thornburg LLP publication should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own lawyer on any specific legal questions you may have concerning your situation.