Author: Will Awang
On September 7, 2023, the Commodity Futures Trading Commission (CFTC) once again focused its enforcement efforts on the decentralized finance (DeFi) sector and imposed penalties on three blockchain companies in the United States: Opyn, Inc., ZeroEx, Inc., and Deridex, Inc. The companies ultimately admitted guilt and reached a settlement.
Before enjoying the “fruits of victory” brought by Uniswap to the DeFi industry in court, CFTC immediately shattered it a week later and aimed its regulatory cannons directly at the DeFi derivatives market and even the entire DeFi industry.
This article will analyze the impact and response strategies for the DeFi industry by examining the background of the CFTC’s regulatory enforcement cases and the internal dissenting voices within the CFTC.
- Google is Turning 25 Can AI Help Resolve Midlife Crisis?
- Vitalik Buterin Nanyang Technological University Speech Transcript The Past and Present of Ethereum
- More than half a year has passed, ChatGPT’s ranking is quickly falling to the bottom.
CFTC may be a more formidable regulator than the SEC, and it may target DeFi directly;
CFTC imposes regulatory penalties on developer companies for DeFi’s violation of derivatives trading regulations;
CFTC directly attributes the responsibility of malicious third parties to developers, even if developers cannot control the occurrence of malicious third-party behavior;
Gabriel Shapiro, the lawyer of Delphi Labs, said, “100% of DeFi will be illegal.”
While the SEC targets CeFi, the CFTC targets DeFi, and FinCEN focuses on KYC/AML/CTF for the global circulation of crypto assets, this should be the regulatory landscape for crypto assets before the 2024 US presidential election.
1. Case Background
According to the CFTC press release, Opyn and Deridex respectively developed and deployed their own blockchain-based protocols and websites, which provided token derivatives trading and perpetual contract trading. These transactions are considered retail commodity transactions involving swaps/leverage/margin and can only be provided to retail users on registered exchanges that comply with the Commodity Exchange Act (CEA) and CFTC regulations. However, Opyn and Deridex have never registered with the CFTC and provided services illegally without fulfilling customer identification procedures required by banking secrecy laws. In addition, although Opyn implemented some measures to restrict US users from using the service, these measures did not effectively work, while Deridex did not take any measures.
ZeroEx developed and deployed the 0x Protocol and the Matcha application, which is similar to a DEX that allows users to trade between multiple tokens. However, there are some tokens with leverage/margin characteristics deployed by unrelated third parties on the DEX for investors to trade. CFTC believes that transactions of this nature can only be provided to retail users on registered exchanges that comply with the CEA and CFTC regulations, and ZeroEx provided services illegally without registering with the CFTC.
Therefore, Deridex and Opyn were accused of failing to register as Swap Execution Facilities (SEFs) or Designated Contract Markets (DCMs); failing to register as Futures Commission Merchants (FCMs); and failing to implement customer identification procedures as required by FCM (as part of implementing compliance procedures for banking secrecy laws). In addition, ZeroEx, Opyn, and Deridex were also accused of illegally providing leverage and margin retail commodity transactions for cryptocurrencies.
According to the charges, the CFTC has required the developer-operated companies Opyn, ZeroEx, and Deridex to pay civil fines of $250,000, $200,000, and $100,000 respectively, and has required them to cease their violations. Under the settlement agreement, these three companies have agreed to pay the civil fines to avoid further legal action.
CFTC Enforcement Director Ian McGinley said, “There was once an inherent idea among DeFi projects that decentralization and the blockchain were beyond the reach of the law. However, this is not the case. The DeFi industry may be innovative, complex, and constantly evolving, but law enforcement agencies will also keep up with the times and actively pursue those unregistered platforms that allow U.S. users to engage in derivative trading.”
II. Dissenting Opinions of CFTC Commissioners
2.1 Conflict with CFTC Regulatory Principles
Although the CFTC has made the above regulatory enforcement decisions, CFTC Commissioner Summer K. Mersinger has expressed opposition. She stated: This regulatory enforcement targets DeFi protocols and applications in a decentralized environment, an area that the CFTC has never previously explored. Therefore, the regulatory attitude towards this field for the first time is particularly important.
Last year, the CFTC stated in its 2022-2026 Strategic Plan that regulation of DeFi would involve increased stakeholder engagement and recognition of the need for broad stakeholder participation in innovative industries such as DeFi. However, this regulatory enforcement action is completely different from the strategic plan. The CFTC’s “regulation before communication” approach contradicts the strategic plan and the congressional requirement for “responsible innovation.”
She stated that in this case, there is no evidence of customer funds being misappropriated or any market participants being harmed by DeFi protocols/applications. Although this unreasonable regulatory thinking by the CFTC can protect “imagined” investors, it cannot promote responsible innovation and will only drive the DeFi industry out of the U.S. market.
2.2 Conflict with the Uniswap Case Precedent
In addition, she raises a very realistic question through the regulatory enforcement against ZeroEx: If a DeFi protocol is developed and deployed for legitimate purposes but is used by unrelated third parties to violate the CEA and CFTC regulations, who should be held responsible? Should the developers of the DeFi protocol bear the responsibility forever?
These questions have actually been answered in the previous Uniswap case (refer to the article: DeFi Regulation Dilemma: Uniswap in Heaven, Tornado Cash in Hell). The court has told us from a judicial standpoint that the developers and investors of Uniswap should not be held responsible for any damages caused by the use of the protocol by third parties, because the underlying smart contracts of Uniswap and the token contracts deployed by third parties are completely different.
Therefore, I believe that the precedent set by Uniswap can also be applied to the regulatory enforcement of ZeroEx. The CFTC’s regulatory enforcement completely contradicts judicial precedent.
2.3 There is no CFTC compliance path for DeFi
Commissioner Summer K. Mersinger stated in her dissenting opinion that the existing CFTC regulations are aimed at centralized intermediaries, and the regulatory requirements are for centralized institutions to register as compliant intermediaries (such as futures commission merchants (FCMs)) and then comply with the KYC/AML/CTF procedures required by banking secrecy laws, as well as comply with the regulatory requirements for business compliance.
Such regulatory provisions are not suitable for decentralized and intermediary-free DeFi protocols. How can a DeFi protocol be required to register as an intermediary established by a futures commission merchant (FCM) in a decentralized environment? This is an issue that needs to be resolved, and the CFTC’s regulatory enforcement this time does not provide a positive response.
However, regardless of how strong the opposition is, the CFTC’s regulatory enforcement continues.
III. Will have a huge impact on derivative trading markets
3.1 CFTC may be a more formidable regulator than the SEC
Due to the SEC’s previous regulatory enforcement and judicial challenges in the cryptocurrency industry, people mistakenly believed that the CFTC might be a more crypto-friendly regulatory agency, so more regulatory authority should be given to the CFTC. However, in the recent regulatory enforcement against DeFi projects, the CFTC has gradually revealed its true face – the CFTC may directly destroy the entire DeFi industry.
The CFTC’s regulatory enforcement this time has sounded the alarm for DeFi protocols engaged in derivative trading or with derivative trading functions (including DEX based on AMM mechanism). If these protocols provide services to US users, they may be directly exposed to the CFTC’s regulatory firepower. Gabriel Shapiro, General Counsel at Delphi Labs, even stated, “100% of DeFi in the United States may become illegal.”
In an interview, he stated: First, DeFi protocols with derivative trading functionality have already caught the attention of the CFTC, whether it is in the CFTC v. Ooki DAO case (refer to the article: The Tragedy of DeFi Regulation, Uniswap in Heaven, Tornado Cash in Hell) or in this regulatory enforcement, it is aimed at DeFi protocols that do not comply with the CEA and CFTC regulations.
Second, according to the relevant regulations of the CEA and CFTC, “an individual or entity may not engage in leveraged/margin/financing transactions of commodities unless they obtain relevant registration or licenses from the CFTC.” However, almost all DeFi protocols engage in leveraged/margin/financing transactions of cryptocurrencies, and commodity swap transactions can be understood as a type of derivative contract arrangement whose value is based on the value of underlying commodities. Therefore, DeFi protocols like Lido that generate wETH through ETH collateral are considered to fall under the definition of commodity swap transactions.
Therefore, in theory, almost all DeFi should be included in the CFTC’s regulatory scope. This is a very scary theory. Currently, the CFTC is only targeting three small-volume DeFi protocols for this regulatory enforcement (based in the United States, facilitating regulatory enforcement), and in the future, they may target Sizable Ones.
Although Gabriel Shapiro’s theory is terrifying, in practice, unilateral regulatory enforcement by agencies such as the SEC, CFTC, and DOJ can still be addressed through judicial and legislative means. Because regulation cannot interpret the law or create the law.
3.2 What rules have been violated and who is responsible?
Since the CFTC now has the ability to fire at DeFi protocols within its jurisdiction, what are the reasons? Who is responsible?
Commissioner Summer K. Mersinger stated that in this case, it has not been demonstrated that customer funds have been misappropriated or that any market participants have been harmed by the DeFi protocol. The CFTC also only stated that the requirements of the CEA and CFTC regarding compliance registration have been violated.
The CFTC’s theoretical basis can be referenced from a speech by Brian D. Quintenz (former CFTC commissioner, current a16z partner) in 2018: For smart contract protocols, it is first necessary to clarify what kind of protocol it is and whether it falls under the category of swaps/futures/options agreements. Is it targeted at U.S. users? If so, regardless of whether it is software code or any other form, it should comply with the CFTC’s regulatory requirements.
If regulatory requirements are violated, who should bear the responsibility?
There is a huge space here that needs to be fully discussed and debated. Most lawyers have the same perspective on this issue as the judge in the Uniswap case, which is that the responsibility should be borne by the malicious third party causing the damage, not the developers who cannot control the actions of the malicious third party. The developers only release and submit the code.
However, considering the U.S. Department of Justice’s criminal charges against the founder of Tornado Cash, the CFTC v. Ooki DAO case, and the CFTC’s regulatory enforcement this time, it can be seen that regulators do not think so. The CFTC still attributes the responsibility of the malicious third party to the developers, even if the developers cannot control the actions of the malicious third party. For example, in the regulatory enforcement against ZeroEx, the regulators did not consider whether the protocol developers were associated with the derivative tokens being launched, or whether the protocol developers had the ability to control the launch of the derivative tokens.
4. How should follow-up DeFi projects operate?
The most direct answer is: escape from the United States and block U.S. users.
Of course, there is also a technique to blocking. For example, Opyn implemented measures to restrict the use of its services by U.S. users, but these measures did not actually work and still received punishment from the CFTC. It may not be enough to just block U.S. IP addresses; it may also be necessary to block VPNs from the United States or wallets from the United States. These measures can be relatively easily implemented through technological means.
Of course, there are several points to consider regarding US factors: (1) Can be used by US users (including accounts, wallets, transactions, etc.); (2) The website or product uses US servers (AWS?); (3) Services are promoted or marketed in the US; (4) Company, employees, executives, agents, and other personnel in the US are American; (5) There are dealings with US third-party service providers; (6) Involvement with US financial accounts.
The scope of how to operate is very broad, and it still needs to be assessed on a case-by-case basis.
The CFTC’s ruling on Ooki DAO has achieved recognition of violations in DeFi business and the responsibility of on-chain DAO and DAO token voting members. As mentioned in the article “CFTC Wins Lawsuit Against Ooki DAO, Establishes Precedent for DAO Legal Liability”: “After DAO can be sued, the on-chain world is no longer a lawless place. Regulatory enforcement agencies can use this as a breakthrough to regulate on-chain DAOs, DeFi, and DEX projects.” But it seems that no one paid attention???
Therefore, the regulatory enforcement by the CFTC precisely confirms the above view. The CFTC directly stomps on three DeFi protocols based on the precedent of Ooki DAO and demands that the developer companies bear primary responsibility for the same violations.
SEC aims at CeFi, CFTC aims at DeFi, and FinCEN focuses on KYC/AML/CTF of global cryptocurrency circulation. This should be the regulatory landscape of cryptocurrency assets before the 2024 US presidential election.