On July 12, 2023,  U.S. Senators Cynthia Lummis (R-WY) and Kirsten Gillibrand (D-N.Y.) proposed a revised version of their previously introduced crypto regulation bill to create better safeguards for the crypto industry generally while adding new, stronger consumer protection provisions and AML provisions.  The Lummis-Gillibrand bill, also known as the Responsible Financial Innovation Act (“RFIA”), identifies the need for enhanced regulation of digital assets.  The proposal addresses this need, in part, by creating clearly defined regulatory roles for the Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”), which are two of the leading regulatory bodies currently engaged in regulating the U.S. crypto market, as well as creating a new Customer Protection and Market Integrity Authority self-regulatory organization.  The need for greater clarity in the roles of the CFTC and the SEC and with respect to cryptocurrency regulations generally is certainly timely, given the recent CFTC actions against Blockratize, bZeroX (and its successor Ooki DAO), and others and recent high-profile SEC actions against major crypto exchanges.

It is not unusual for users of a platform or of software to challenge the enforceability of a company’s terms of use if they take issue with the company’s product or service and decide to bring suit. As most terms of use contain an arbitration clause (or mandated dispute resolution process) and disclaimers of liability, the questions of user assent to and the overall enforceability of the terms of use become central issues early on in litigation. In each case, judges adjudicating legal challenges to site terms generally examine the circumstances behind the online contracting process closely – scrutinizing the user interface, the presentation of the terms and the reasonableness of the relevant provisions governing the transactions or online accounts at issue. In some instances, courts have ruled that online terms were unenforceable for a variety of reasons, often owing to the non-conspicuous presentation of the terms or that the terms themselves were in some way unconscionable or otherwise unenforceable. In one recent case, however, a federal judge in Georgia rejected a challenge brought by users of cryptocurrency exchange platform Coinbase Global, Inc. (“Coinbase”) and found Coinbase’s terms enforceable. (Kattula v. Coinbase Global, Inc., No. 22-3250 (N.D. Ga. July 6, 2023)).

Unlike traditional corporate entities with a typical hierarchical structure, a decentralized autonomous organization (“DAO”) – a management structure that uses blockchain technology – functions as a leaderless entity. Without a formal corporate structure, DAOs instead operate by distributing governance rights among persons who hold a specific governance token. Consequently, federal and state courts have been grappling with how to consider a DAO under existing laws that were traditionally interpreted against long-standing corporate entities.

As discussed in a prior post, DAOs allow individuals to organize and coordinate at arms-length, and rely on code (a “protocol”) to govern and execute functions traditionally determined by governing documents, like operating agreements and articles of formation, and undertaken by executives. A DAO’s protocol is committed to a public ledger on a blockchain, which guarantees accessibility and transparency. Each member is granted governance rights – the ability to propose and approve initiatives, called proposals – through a governance token. In light of their unique makeup, DAOs lack centralized leadership and a typical top-down management structure.

Accordingly, parties have debated whether a DAO should be recognized as a general partnership under state corporation laws (i.e., N.Y. P’ship Law §10: “an association of two or more persons to carry on as co-owners a business for profit….”) or, in the case of the Commodity Futures Trading Commission’s (“CFTC”) Ooki DAO enforcement, whether a DAO could be deemed an “unincorporated association” under the Commodity Exchange Act (“CEA”). Following the filing of the CFTC’s enforcement action, it is not surprising that the structure of the Ooki DAO, and the CFTC’s enforcement action against the DAO itself, has garnered a lot of media attention and industry reaction, and has raised novel legal issues.

Several questions have arisen in recent years regarding the potential liability of DAO members:

  • While DAOs are emerging as a viable structure in the DeFi space, does their non-traditional makeup necessarily shield them from real world liability?
  • Does a DAO’s structure render its activities “enforcement proof” or, at the very least, difficult to effect traditional service of process upon?
  • Can a DAO be an “unincorporated association” under federal or state law?
  • Who should be liable for the decisions made by a DAO?
  • Because token holders participate in the DAO’s governance, can they be deemed personally liable for its actions (akin to the general partners in a general partnership), even if each governance token holder is essentially unknown to the other DAO members, who likely reside in multiple jurisdictions?

The SEC suffered a significant loss last week in its ongoing legal battle with Ripple over the XRP digital token. While the District Court held that Ripple’s initial sales of XRP to institutional investors constituted the sale of unregistered securities, it was a Pyrrhic victory as the court held

In a post-FTX environment, several financial regulators are taking action to emphasize a policy of sound custody and disclosure practices and to better understand certain risks to protect customers in the event of an insolvency or similar proceeding. For example, back in January 2023, the New York Department of Financial Services announced that it had issued certain Guidance on Custodial Structures for Customer Protection in the Event of Insolvency in which it highlighted the significance of consumer protection upon insolvency or similar proceeding. And in February 2023, the Securities and Exchange Commission (“SEC”) proposed amendments to the Custody Rule under the Investment Advisers Act of 1940, which, among other changes, clarified aspects of the existing rule and expanded its application to a broader array of client assets managed by registered investment advisers.

This past month, the Commodity Futures Trading Commission (“CFTC”) acted to ensure proper risk management within the derivatives markets in relation to, among other things, digital assets, by issuing two separate releases: (1) a proposed rulemaking on potential amendments to certain Risk Management Program (“RMP”) requirements applicable to swap dealers (“SDs”), major swap participants (“MSPs”), and futures commission merchants (“FCMs”); and (2) an advisory letter reminding derivatives clearing organization (“DCO”) registrants and DCO applicants about compliance obligations when expanding the types of products cleared and services offered by DCOs, including those related to digital assets.  The CFTC stated that re-evaluating its risk management rules is necessary to keep pace with evolving markets that can give rise to new risks from emerging technologies such as digital assets and artificial intelligence.

On 8 June 2023, the UK Financial Conduct Authority (“FCA”) published a policy statement (PS23/6) on the financial promotion rules for cryptoassets (the “Policy Statement”). This is accompanied by a guidance consultation (GC23/1), where the FCA is seeking feedback on proposed guidance to the Policy Statement.