Author: Will Awang
On September 7, 2023, the U.S. Commodity Futures Trading Commission (CFTC) once again focused its enforcement efforts on the decentralized finance (DeFi) sector and imposed penalties on three U.S.-based blockchain companies, Opyn, Inc., ZeroEx, Inc., and Deridex, Inc. The companies eventually admitted guilt and reached a settlement.
The DeFi industry had barely begun to enjoy the “fruits of victory” that Uniswap won for it in court when, a week later, the CFTC shattered that victory and aimed its regulatory cannon directly at the DeFi derivatives market and even the entire DeFi industry.
This article examines the background of the CFTC’s regulatory enforcement cases and the opposing voices within the CFTC, and from there analyzes the impact on the DeFi industry and its coping strategies.
CFTC may be a more formidable regulator than the SEC, and it may directly target DeFi;
CFTC imposed regulatory penalties on developer companies for violating derivatives trading regulations in DeFi;
CFTC directly attributed the responsibility of malicious third parties to developers, even if developers cannot control the occurrence of malicious third-party behavior;
Gabriel Shapiro, a lawyer at Delphi Labs, said, “100% of DeFi will be illegal.”
The SEC aims its cannon at CeFi, the CFTC aims its cannon at DeFi, and FinCEN focuses on KYC/AML/CTF for global crypto asset circulation. This should be the regulatory landscape for crypto assets before the 2024 U.S. presidential election.
I. Background of the Case
According to a CFTC press release, Opyn and Deridex respectively developed and deployed their own blockchain-based protocols and websites, which provided token derivatives trading and perpetual contract trading. These transactions are considered retail commodity transactions for swaps/leverage/margin and can only be provided to retail users by registered exchanges that comply with the U.S. Commodity Exchange Act (CEA) and CFTC regulations. However, Opyn and Deridex provided services without registering with the CFTC, which is illegal, and they did not comply with the customer identification procedures required by banking secrecy laws. In addition, although Opyn implemented some measures to restrict U.S. users from using the service, these measures did not work effectively, and Deridex did not take any measures.
ZeroEx developed and deployed the 0x Protocol and the Matcha application, which is similar to a DEX for users to trade between multiple tokens. However, there are tokens with leverage/margin properties deployed by unrelated third parties on the DEX for investors to trade. CFTC believes that this type of transaction can only be provided to retail users by registered exchanges that comply with the CEA and CFTC regulations, but ZeroEx provided services illegally without registering with the CFTC.
Therefore, Deridex and Opyn are accused of failing to register as Swap Execution Facilities (SEFs) or Designated Contract Markets (DCMs); failing to register as Futures Commission Merchants (FCMs); failing to implement customer identification procedures as required by FCMs (as part of compliance with bank secrecy laws). At the same time, ZeroEx, Opyn, and Deridex are also accused of illegally offering leveraged and margin retail commodity trading of cryptocurrencies.
According to the charges, the CFTC requires Opyn, ZeroEx, and Deridex, the three developer-operated companies, to pay civil fines of $250,000, $200,000, and $100,000 respectively, and to cease their violations. Under the settlement agreement, these three companies have agreed to pay civil fines to avoid further legal action.
CFTC Enforcement Director Ian McGinley said, “There was once an inherent idea among DeFi project parties that decentralization and on-chain were a lawless land. However, this is not the case. The DeFi industry may be innovative, complex, and constantly evolving, but law enforcement agencies will also keep up with the times and actively pursue those platforms that allow U.S. users to engage in derivative trading without proper registration.”
II. Dissenting Opinion of CFTC Commissioners
2.1 Conflict with CFTC Regulatory Principles
Although the CFTC has made the above regulatory enforcement decisions, CFTC Commissioner Summer K. Mersinger still expressed her dissenting opinion. She stated: This regulatory enforcement is targeted at DeFi protocols and applications in a decentralized environment, an area that the CFTC has not previously ventured into. Therefore, the regulatory attitude it takes toward this field on this first occasion is particularly important.
Last year, in its 2022-2026 Strategic Plan, the CFTC stated that for the regulation of DeFi, it would increase stakeholder engagement and recognize the need for broad stakeholder participation in innovative industries such as DeFi. However, this regulatory enforcement action is completely different from the strategic plan. The CFTC’s “regulatory enforcement first, communication later” approach contradicts the strategic plan and the congressional mandate for “responsible innovation.”
She stated that in this case, it was not indicated that customer funds were misappropriated, nor was it indicated that any market participants were harmed by DeFi protocols/applications. Although this unreasonable regulatory approach by the CFTC can protect “imagined” investors, it cannot promote responsible innovation and will only drive the DeFi industry out of the U.S. market.
2.2 Conflict with the Uniswap Case Precedent
In addition, she raised a very practical question through the regulatory enforcement against ZeroEx: if a DeFi protocol is developed and deployed for legitimate purposes but is used by unrelated third parties for purposes that violate the CEA and CFTC regulations, who should be held responsible? Should the developers of the DeFi protocol bear the responsibility indefinitely?
These questions have actually been answered in the previous Uniswap case (refer to the article: “Defi Regulatory Woes, Uniswap in Heaven, Tornado Cash in Hell”). The court tells us from a judicial perspective that the developers and investors of Uniswap should not be held responsible for any damage caused by the third-party use of the protocol because the underlying smart contracts of Uniswap and the token contracts deployed by third parties are completely different.
Therefore, I believe that this precedent set by Uniswap can also be applied to the regulatory enforcement of ZeroEx. The CFTC’s regulatory enforcement completely violates judicial precedents.
2.3 There is no compliance path for DeFi under the CFTC
Commissioner Summer K. Mersinger stated in her dissenting opinion that the existing CFTC regulations are designed for centralized intermediaries, and the regulatory requirements are for these intermediaries to register as compliant intermediaries (such as futures commission merchants, FCMs), and then comply with the KYC/AML/CTF procedures required by banking secrecy laws, as well as the business compliance requirements of corresponding regulatory requirements.
Such regulatory provisions are not suitable for decentralized and intermediary-free DeFi protocols. How can a DeFi protocol be required to register as a futures commission merchant (FCM) established for intermediaries in a decentralized environment? This is an unresolved issue, and the CFTC’s regulatory enforcement this time did not provide a positive response.
However, regardless of how strong the opposition is, the CFTC’s regulatory enforcement still stands.
III. A Huge Impact on Derivative Trading Markets
3.1 CFTC may be a more formidable regulator than the SEC
Due to the SEC’s previous regulatory enforcement and judicial challenges in the crypto industry, people mistakenly believed that the CFTC might be a more crypto-friendly regulatory agency, so more regulatory authority should be given to the CFTC. However, in the recent regulatory enforcement against DeFi projects, the CFTC has gradually revealed its true colors – the CFTC has the potential to directly destroy the entire DeFi industry.
The CFTC’s regulatory enforcement this time sounded the alarm for DeFi protocols engaged in derivative trading or having derivative trading capabilities (including DEXs based on the AMM mechanism). If these protocols provide services to US users, they may be directly exposed to the CFTC’s regulatory firepower. Gabriel Shapiro, the general counsel of Delphi Labs, even stated, “100% of DeFi in the US will be illegal.”
In an interview, he said, “First of all, DeFi protocols with derivative trading capabilities have already caught the attention of the CFTC. Whether in the CFTC v. Ooki DAO case (refer to the article: “Defi Regulatory Woes, Uniswap in Heaven, Tornado Cash in Hell”) or in this regulatory enforcement, they are targeting DeFi protocols that have not complied with the CEA and CFTC regulations.”
Secondly, according to the regulations of the CEA and CFTC: “Individuals or entities cannot engage in commodity leverage/margin/financing transactions unless they obtain relevant registration or permission from the CFTC.” However, basically all DeFi protocols engage in leverage/margin/financing transactions of crypto assets (Crypto Commodity), and commodity swaps can be understood as a derivative contract arrangement whose value is based on the value of the underlying commodity. Therefore, DeFi protocols like Lido that generate wETH by pledging ETH are considered to fall under the definition of commodity swap transactions.
Therefore, theoretically, almost all DeFi should be included in the regulatory scope of the CFTC. This is a very frightening theory. In this regulatory enforcement the CFTC is only targeting three small-volume DeFi protocols (based in the United States for ease of regulatory enforcement), and it may target sizable ones in the future.
Although Gabriel Shapiro’s theory is very frightening, in practice, unilateral regulatory enforcement by agencies such as the SEC, CFTC, and DOJ can still be dealt with through judicial and legislative means, because regulators can neither interpret the law nor create it.
3.2 What regulations are violated and who bears the responsibility?
Since the CFTC already has the ability to target DeFi protocols within its jurisdiction, on what grounds does it do so, and who bears the responsibility?
Commissioner Summer K. Mersinger stated that in this case, there was no indication of misappropriation of customer funds or any harm to market participants caused by the DeFi protocol. The CFTC only stated that the requirements for compliance registration under the CEA and CFTC were violated.
The CFTC’s theoretical basis can be found in a 2018 speech by Brian D. Quintenz (former CFTC commissioner, now a16z partner): For smart contract protocols, first clarify what kind of protocol it is and whether it belongs to a swap/futures/options protocol. Is it targeting US users? If so, regardless of whether it is software code or any other form, it should comply with CFTC regulatory requirements.
If regulatory requirements are violated, who should bear the responsibility?
There is ample room for discussion and debate on this issue. Most lawyers share the same perspective as the judge in the Uniswap case, that is, the responsibility should be borne by the malicious third party that caused the damage, not the developers who cannot control the malicious third party’s infringement. Developers are only responsible for publishing and submitting code.
However, considering the criminal charges by the US Department of Justice against the founder of Tornado Cash, the CFTC v. Ooki DAO case, and this regulatory enforcement by the CFTC, it can be seen that the regulators do not think so. The CFTC still attributes the responsibility of the malicious third party to the developers, even if the developers cannot control the occurrence of the malicious third party’s actions. Just like in the regulatory enforcement against ZeroEx, the regulators did not consider whether the protocol developers are associated with the derivative tokens that are launched or whether the protocol developers have the ability to control the launch of the derivative tokens.
IV. How should DeFi projects proceed in the future?
The most direct answer is: escape from the United States and block US users.
Of course, how to block them also requires some considerations. For example, although Opyn has implemented some measures to restrict the use of its services by US users, these measures have not been effective and the platform has still been punished by the CFTC. Perhaps blocking US IP addresses is not enough, and it is also necessary to block VPNs from the US or wallets from the US? These measures can be relatively easily implemented through technical means.
Of course, several factors related to the US also need to be noted: (1) being used by US users (including accounts, wallets, transactions, etc.); (2) the website or product using servers in the US (AWS?); (3) promoting or marketing the services in the US; (4) the company, employees, executives, agents, etc. being US citizens; (5) having transactions with third-party service providers in the US; (6) involving US financial accounts.
The scope of applicable operations is very broad, and specific cases need to be considered on a case-by-case basis.
Through the Ooki DAO case, the CFTC has established both that DeFi businesses can be found in violation and that on-chain DAOs and the token-voting members of DAOs can be held responsible. As mentioned in the article “CFTC wins lawsuit against Ooki DAO, creating a precedent for DAOs to bear legal responsibility”: “After DAOs can be sued, the on-chain world is no longer a lawless place, and regulatory enforcement agencies can use this as a breakthrough to regulate on-chain DAOs, DeFi, and DEX projects.” But it seems that no one paid attention to it?
Therefore, the regulatory enforcement by the CFTC precisely confirms the above viewpoint. The CFTC directly trampled on three DeFi protocols based on the Ooki DAO case and demanded that the developer companies assume primary responsibility for the same violations.
The SEC aims at CeFi, the CFTC aims at DeFi, and FinCEN focuses on KYC/AML/CTF for the global circulation of cryptocurrencies. This should be the regulatory landscape for cryptocurrency assets before the 2024 US presidential election.