CFTC Asserts Jurisdiction Over DAOs in Groundbreaking Enforcement Action
On 22 September 2022, in its first-ever enforcement action against a decentralized autonomous organization (DAO), the Commodity Futures Trading Commission (CFTC) alleged that certain automated crypto transactions conducted on a software protocol controlled and managed by a DAO was required to comply with the same registration requirements that apply to highly regulated derivatives brokers and exchanges. Specifically, the CFTC simultaneously filed (i) a settlement order against bZeroX, LLC and its two founders for US$250,000 and (ii) an enforcement action in federal court against Ooki DAO (bZeroX, LLC’s successor) for failure to register as a futures commission merchant (FCM) and derivatives contract market (DCM) for activities that included offering leveraged and margined retail commodity transactions in digital assets.
How the CFTC Justified Its Authority Over the Ooki DAO
As background, “DAO” is a term to describe various organizations that involve collaborative action to manage assets using technology tools derived from blockchain technology. Some DAOs are incorporated legal entities whereby their directors or members use technology tools derived from public-network blockchain systems to govern the entity. Other DAOs are unincorporated groups that use blockchain-derived technologies to govern powers over digital assets and otherwise engage in collective decision-making (Alegal DAOs). The Ooki DAO is an Alegal DAO; rather than a traditional corporate governing body, the DAO is governed by users who make decisions using both off-chain social governance and on-chain voting. In the case of the Ooki DAO (and other similar Alegal DAOs), voting occurs by transactions of governance tokens. The CFTC complaint and order both refer to DAOs as “unincorporated associations” comprised of the members/tokenholders who participated in a governance vote on the protocol that carried out the violations. Because of this decentralized structure, suing a DAO involves novel legal issues.
In this particular case, the Ooki DAO was formed to decentralize control over technology that facilitates certain types of digital asset transactions. The relevant protocol allowed for any person with an Ethereum wallet to contribute margin to open leveraged positions whose value was determined by the price difference between two digital assets from the time the position was established to the time it was closed. In its allegations, the CFTC stated as follows:
- Cryptocurrencies like ETH and DAI traded on the Ooki DAO protocol are considered to be “commodities” under the Commodity Exchange Act.1
- Commodities that are offered to or entered into by retail customers on a leveraged or margined basis, where such commodities are not “actually delivered” within 28 days, are considered to be “retail commodity transactions,” which are regulated more like derivatives than as purely physical commodity transactions.2
- Because the Ooki DAO offered, executed, confirmed the execution of, solicited, and accepted orders for retail commodity transactions, and such transactions were not conducted on a registered derivatives exchange, the DAO and its actively participating members/tokenholders violated the Commodity Exchange Act for failure to register as a DCM.
- Because the Ooki DAO solicited and accepted orders for retail commodity transactions, and accepted money or property to margin those transactions, the DAO violated the Commodity Exchange Act for failure to register as an FCM.
- Because the Ooki DAO operated as an FCM, it was required to comply with Bank Secrecy Act requirements concerning adoption of a Customer Identification Program (including know your customer / anti-money laundering procedures), but it failed to do so in violation of CFTC regulations.
- The Ooki DAO has a sufficient nexus to the United States because trading on its protocol was offered to any user in the world without any filtering with respect to U.S. persons.
Key Considerations for DAOs That Operate as Digital Asset Platforms
What are the key takeaways here? For starters, regardless of the DAO structure, or a business restructuring from one LLC to another, the CFTC will look to the nature of the digital asset transactions facilitated by the DAO, rather than the form of the DAO itself, in order to determine whether any commodity or derivatives laws are being violated. As a result, digital asset market participants (whether conducted via a DAO or more traditional corporate structures) should understand the implications of retail commodity transactions, which are regulated in the same manner as derivatives by the CFTC. Where U.S. retail customers are involved in digital asset transactions, the CFTC will not only assert jurisdiction, but it will likely apply intense scrutiny in the name of customer protection.
Decentralized finance (DeFi) proponents can take solace in the fact that this is not a death knell for DAOs by any stretch. In pursuing this action against the Ooki DAO, the CFTC is in many ways treating the DAO as any other business entity that might offer or solicit offers for digital assets. This means that DAOs with an appropriate nexus to the United States are subject to the CFTC’s antifraud and anti-market-manipulation authority for pure commodity transactions (including fully collateralized digital asset trades or transactions with nonretail customers) and the CFTC’s full regulatory authority with respect to retail commodity transactions, in each case to the extent the CFTC deems the digital asset to be a commodity. This will in many ways provide regulatory certainty to DAOs that offer digital assets in the United States. However, familiarity with U.S. derivatives and commodities laws and regulations will be a prerequisite for proper compliance with the CFTC’s authority and expectations.
Control and Participation Are Key Factors for DAO Liability
In both the complaint and settlement order, the CFTC consistently points to who has control of the protocol or participates in the DAO, applying well-established principles of law to this new technology-focused type of organization despite glaring differences in governance and application. In its complaint, the CFTC holds the Ooki DAO liable as a principal for the actions of “those authorized to work on behalf of the Ooki DAO [including its] members, officers, employees, and agents,” although an Alegal DAO does not have members, officers, employees, or agents, relying instead on collective decision-making. The CFTC settlement order blurs the lines between LLC and DAO with regard to control, specifically stating that, in practice, like any LLC is governed by its members, the DAO in this case governed the protocol through the votes of its tokenholders. The order also imposes personal liability on certain of the Ooki DAO’s tokenholders as active participants, an argument which the CFTC asserts is based on partnership law: “Individual members of an unincorporated association organized for profit are personally liable for the debts of the association …” (emphasis added). As noted above, the CFTC considers a DAO to meet the federal definition of an “unincorporated association” because it is a “voluntary group of persons … without a charter … formed by mutual consent for the purpose of promoting a common objective.”
As defined by the CFTC, any tokenholder who voluntarily votes his or her tokens to affect the outcome of a DAO governance vote is considered to be a “member” of the DAO. This should be considered as a serious warning sign to DAO tokenholders who are active in voting on governance issues: beware the extra-legal activities of the DAO, as you may be left holding the bag. This does, however, exclude passive tokenholders, which is a meaningful distinction, given that governance participation is not mandatory and that governance tokens liquidly trade on decentralized exchanges. However, while helpful, this distinction creates new questions. Is it logical and proper for a tokenholder who votes against an illegal activity to be held liable for the illegal activity if their position fails? Should a tokenholder who only voted for something trivial or inconsequential, like the name of the DAO or the logo to be used, be held liable for all of the actions of the DAO? Should minority or de minimis tokenholders be held to the same liability standard as substantial/majority tokenholders? Such policy questions are implicated by the complaint and settlement order by the CFTC but are left to be determined another day.
Scrutinizing the CFTC’s Justification of Tokenholder Liability
This interpretation of DAO tokenholder liability came under assault by CFTC Commissioner Summer Mersinger, who published a compelling dissent on that portion of the CFTC’s settlement order and complaint. She faulted the CFTC for relying on an “inapplicable State law legal theory” intended for private contract and tort disputes and instead pointed to aiding and abetting liability as a suitable alternative (already authorized by Congress) in order to hold DAOs responsible for violations of law. Mersinger called the CFTC’s approach blatant “regulation by enforcement,” and one that unfairly picks winners and losers.
We will be watching this issue of DAO tokenholder liability closely, as it stands to have vast repercussions in U.S. DeFi markets if the CFTC’s interpretation is upheld.
Questions? Contact your favorite K&L Gates, LLP attorney, including the authors of this piece.
This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer. Any views expressed herein are those of the author(s) and not necessarily those of the law firm's clients.