SEC vs. DEFI - Part I: DeFi Cometh & So Do the Regulators
REGULATORS’ ATTENTION TO DEFI IS INEVITABLE
DeFi is hot.
Just as with ICOs in 2017, skyrocketing DeFi valuations and regrettable crash-and-burn scandals will inevitably attract mainstream media coverage and how-to guides for normie retailers. These factors, in turn, will draw the panoptical attention of (potentially amgery) politicians and regulators.
We’ve been here before. In 2017, the SEC Chairman Jay Clayton’s proclamation that essentially all ICOs were securities offerings sent shockwaves through the industry and helped trigger the multi-year crypto bear market we are only just now pulling out of.
Which brings us to the legal question du jour: when, where and how will the regulatory banhammer drop on DeFi? We all know it’s only a matter of time.
Fear not—your man lex_node’s got you with the hookup. Do I have a crystal ball? No. But I keep an ear to the ground and talk to regulators and my fellow cryptolawyers on the regular.
This piece focuses on how U.S. securities laws might relate to DeFi, but, of course, there are other potential issues—the commodities law attack vectors might be even be more severe, and I will cover those in another upcoming issue.
“WHERE WE ARE RIGHT NOW” - MY TENDENTIOUS OVERVIEW
A. Enforcement & Official Guidance So Far—Not Much!
tldr: almost all of the SEC’s recent guidance and litigation has been focused on 2017-style utility tokens and thus does not paint a clear picture of the SEC’s views on how securities laws relate to DeFi, but there is some early action (The DAO Report, the EtherDelta settlement) that remains potentially relevant, though still very different
Up until very recently, the SEC’s publicly expressed regulatory mindset was stuck in 2017. Their biggest crypto regulatory victory this year was obtaining a preliminary injunction and settlement against Telegram prohibiting the distribution of tokens pursuant to its hilariously inept 2017-style SAFT sale. This is, at best, a Pyrrhic victory for them because token distribution schemes (both non-VC-backed and VC-backed) have evolved so dramatically since then that the Telegram case was effectively DOA. It barely made a blip on most people’s radar screens, and certainly did not change their behavior. I know of one DeFi company who raised a Telegram-related issue from their lawyer and was told by their VC conclusory words to the effect of ‘that case doesn’t matter.’ The SEC’s other major pending action is against Kik/Kin regarding yet another 2017-style SAFT-based utility token scheme that has little relevance to today’s DeFi wave.
So, what we have today is a bunch of SEC guidance about 2017-style token sales, and one judicial opinion about a late 2017-style SAFT-token-distribution scheme (which was decided on a motion for preliminary injunction rather than motion for summary judgment or after a trial). Hardly a very evolved or relevant body of law and guidance compared to what’s happening in DeFi! Basically, the SEC has been way too slow again—just like it was in 2016-2017.
There are two noteworthy exceptions to this “we don’t have much DeFi-relevant guidance” situation:
The first is the SEC’s very first official statement about tokens, The DAO Report, in which it found that memberships in the original Slock.it DAO were securities. Since so much of DeFi is about the revival of DAOs and governance tokens, the DAO Report remains an interesting and potentially relevant touchpoint. But the DAOs and governance communities of today are materially different from that of “TheDAO”; for example:
TheDAO tokens traded freely, but today we have several DAOs, like the LAO and MetaCartel Ventures DAO, that cap membership and restrict token transfers.
The DAO Report’s reasoning relied heavily on the role of the DAO’s “curators” to argue that DAO memberships were securities rather than partnership interests, but there is a more subtle role of community members in many of today’s DeFi governance projects. Some projects feature similar roles—e.g. a “multisig” or a “council”—but not all of them do. Moreover, many of these projects are arriving at their curator/council/multisig structures through more chaotic paths that look more like spontaneous community self-organization than a traditional Howey scheme. In the Howey case law, the “others” whose “entrepreneurial efforts” may be relevant to the investors’ “reasonable expectation of profits” are identified and their efforts expected from the start of the offering; in DeFi, the waters are often much muddier.
The other exception to ‘we have no SEC DeFi guidance’ is the SEC’s action & settlement against Zachary Coburn for creating and running EtherDelta, perhaps the first prominent self-styled decentralized exchange/“DEX” in the 2017 glory days. However, this was just a settlement announcement—not a judicial opinion or guidance on the general topic of DEXs. Therefore, its reasoning is quite cursory and limited. Moreover, EtherDelta was very different from, and arguably much more centralized than, today’s DEX darlings like Uniswap and 0x.
B. Compliance & Structuring Options - Can We Pleaze Haz?
tldr: there is still no practical compliance path even for 2017-style utility tokens (which the SEC has been very publicly focused on), never mind 2020-style DeFi governance tokens (which the SEC has not been publicly focused on); the SEC has been very slow to publicly adapt to DeFi, & the guidance they’ve given is primarily relevant to utility tokens, not DeFi tokens
To the surprise of many (including myself), years deep into all this, the SEC has yet to identify a good compliance path even for 2017-style-utility-token projects, never mind the more exotic yield-delivering governance tokens of DeFi. In 2017-2018, various lawyers and law firms tried to stake their claim to fame by proposing different kinds of safe harbors for token sales to the SEC, but none really went anywhere. William Hinman’s “sufficiently decentralized” speech instead articulated a kind of ad hoc factor-based approach that was informally adopted by SEC staff and did not provide much help for projects because “sufficiently decentralized” was not clearly defined and, frankly, I am not even sure that Hinman or the other staff ever had a really clear idea of what they meant by it—though I have tried to flesh it out better for them.
For a while, it looked like Blockstack-style Regulation A+ offerings would provide a viable—albeit expensive and time-consuming—path toward launching a token compliantly and achieving gradual decentralization until the token is no longer deemed a security. Thanks to issuing its token through a qualified Tier II Regulation A+ offering, Blockstack was able to sell its token, have it be usable in the context of its technology, use it to allow for ‘app mining’ to reward developers, have it trade freely on secondary markets, and even get it listed on Binance while openly disclosing it was paying Binance (something that would be considered legal suicide for most token projects). However, Blockstack continues to be dogged by securities law uncertainties, as indicated in its most recent annual filing, where it still felt the need to note the risk that the entire Blockstack blockchain could be deemed an illegal securities exchange as a result of STACKs being securities.
As far as I know no other projects have successfully followed the Blockstack path since—i.e., no other projects have launched a native public blockchain network token through Regulation A+. Arca Capital had a stablecoin approved through Regulation A+, but that is very different. Rumblings within the cryptolaw and security token communities suggest that the SEC’s trading & markets division is opposed to these offerings to the extent that they do not interpose a registered securities transfer agent or broker-dealer between token holders and the blockchain (and, of course, the broker/dealers and enterprise blockchain companies have been lobbying for this approach for years). Such intermediation obviously would be disastrous for a cryptonative token system—it means your blockchain is just an SQL database controlled by a FINRA-supervised entity. Yuck!
The other main option for launching tokens—selling them as securities pursuant to a Regulation D private placement, letting the unaffiliated investors hold them for 12 months and then letting them be sold in the secondary market pursuant to the Rule 144 safe harbor—is also in serious doubt of being viable, both because the SEC’s trading and markets division is hostile to securities trading on public blockchains and because the Telegram opinion threw heavy shade on this approach. However, this issue gets rather technical—for more detail, see my article SEC v. Telegram - Three Deeper Takeaways.
All in all, we sadly really remain locked between "a rock and a hard place” on launching tokens in compliance with the securities laws. Anyone who tells you differently is overconfident or lying.
In reaction to this situation, a noteworthy development in 2020 was Hester Peirce’s February 2020 proposal to the SEC for passing a token offering safe harbor. Peirce recognizes that token projects are caught in a Catch-22: they must become sufficiently decentralized to escape securities law burdens, but cannot become sufficiently decentralized because the securities laws dramatically limit token transferability. Her proposal for solving this issue through a safe harbor is a great starting point, but personally I feel that the proposed details have major “2017 vibes”. A dead giveaway is that, roughly speaking, the proposal treats ‘functionality’ as being just as good a reason for clearing a token as the token ‘not being under the control of any person’. But “liquidity mining” and “voting on DeFi proposals” like whether to distribute systems fees to the voters are are very, very different “functions” from the kinds of consumer functions—like living in a condominium—that the Howey case law values in determining that an asset does not represent an investment contract.
I tried to note the increasing irrelevance of ‘functionality’-style arguments to DeFi in my “Open Letter to SEC Commissioner Peirce” about her proposal, along with my suggestion for an amended safe harbor proposal which focuses on defining “sufficient decentralization” and making the Regulation A+ path or the Regulation D —> Rule 144 path workable. Others have also proposed that Regulation A+ is a good starting point and can be made more usable by blockchain projects. Since then, my views have evolved a bit (x, y), and it sounds like Peirce’s have as well—apparently she is revising her proposal in light of DeFi developments (z), though it sounds like she is stridently committed to pushing the SEC to simply keep its hands off tokens as long as they serve a purpose and there is no fraud involved.
PREVIEW OF PART II AND SOME COMMENTS ON WHY I DON’T SUGAR-COAT LAW’S CONFLICTS WITH BLOCKCHAIN
Coming in Part II— “The DAO Report Rises, Brandishing the SEC's Secret Anti-DeFi Weapon ,” where I will break down my thoughts on how the SEC can credibly walk back its “sufficient decentralization” guidance and still attack nearly every DeFi project—if it wants to.
No FUD intended—but people should be informed about the risks they are running, and, from my vantage point, most DeFi participants are currently terribly overconfident about what “sufficient decentralization” means and how supposedly easily and quickly it can be achieved.
Remember, a Coinbase listing is not an SEC no-action letter! If one of your goals is to make your technology system resistant to governmental capture, you should be analyzing threats from government agencies like the SEC just as you would any other security threat—know your adversary inside-out and take them seriously!
I like to think that a valid cypherpunk-oriented mission of lawyers like me is to provide credible threat analysis. Therefore, I do not truck in hopium about what the laws “should” be or “really would be” if you were to litigate cases for years and spend millions to appeal them to a Supreme Court level and argue philosophy instead of rule and precedent. I talk about the law as it exists today and is likely to be commonly understood and applied by non-positively-blockchain-biased lawyers, regulators and judges.
And that is just what I will do in Part II—I will show you the worst-case scenario of how the SEC could credibly attack DeFi projects, if it chooses to. And a lot of what I say will be contrary to the securities law theories and assumptions regularly spread through the DeFi community, mostly by non-lawyers or by lawyers who are so zealously convinced of DeFi’s benefits that it is hard for them to paint any kind of negative picture of how DeFi might be breaking laws. The girth of many such lawyers’ wallets depends on trying to soft-peddle blockchain technology’s risks and arguing that decentralized technologies and law are deeply compatible—this helps persuade regulators and judges who might not understand the tech very well to “go easy” on these lawyers’ established ultra-wealthy clients. But it’s not really true.
The truth is that, like all dissident systems, DeFi is designed in large part to enable freedom from regulations—that means breaking laws! The reason why people will tolerate the incredible clunkiness of operating through error-prone smart contract interfaces, paying incredibly high transaction fees to miners and waiting 5-10 minutes for confirmation is because that’s still better than doing KYC/AML or not having access to certain investments because you’re not accredited. DeFi provides cover for businesses to decline KYC/AML review and other regulatory obligations that would normally apply to them. That may be ethically justified from a moral or civil rights point of view, but it doesn’t mean it’s legal. There’s a reason why much political protest is referred to as civil disobedience. Let’s just keep it real!
I will probably also do a Part III discussing what I think the SEC should do and my speculations on what it actually will do—of course, what the SEC ends up doing may depend significantly on the results of our upcoming presidential election and who the 2021 president appoints to chair the SEC!
Stay tuned! And, as always, you have my infinite thanks for your interest and support!
-your boi lex_node
Gabriel, great piece, I appreciate it very much!