CFTC Enforces Action Against Three DeFi Protocols, Sounding an Alarm for All Derivatives Trading Platforms

On September 7, 2023, the U.S. Commodity Futures Trading Commission (CFTC) once again focused its enforcement efforts on the decentralized finance (DeFi) sector and imposed penalties on Opyn, Inc., ZeroEx, Inc., and Deridex, Inc., three blockchain companies based in the United States. The companies ultimately admitted guilt and settled.

Before even enjoying the “fruits of victory” that Uniswap brought to the DeFi industry in court, the CFTC ruthlessly shattered it just one week later, directing its regulatory cannons directly at the DeFi derivatives market and even the entire DeFi industry.

This article will analyze the impact and response strategies for the DeFi industry. It will examine the background of the regulatory enforcement by the CFTC in this case, as well as internal dissent within the CFTC.

TL;DR

• CFTC may be a more formidable regulator than SEC, and it may directly target DeFi for regulation.
• CFTC imposes regulatory penalties on developer companies for DeFi’s violation of derivatives trading regulations.
• CFTC directly attributes the responsibility of malicious third parties to developers, even if developers cannot control the occurrence of malicious third-party behavior.
• Gabriel Shapiro, the General Council of Delphi Labs, stated, “100% of DeFi would be illegal.”
• SEC focuses on CeFi, CFTC focuses on DeFi, and FinCEN is responsible for global circulation of crypto assets for KYC/AML/CTF. This should be the regulatory landscape for crypto assets before the 2024 US presidential election.

（https://beincrypto.com/defi-illegal-us-cftc-case-charges-opyn-zeroex-deridex/）

1. Case Background

According to a CFTC press release, Opyn and Deridex have developed and deployed their own blockchain-based protocols and websites, which provide token derivative trading and perpetual contract trading. These transactions fall under the category of retail commodity transactions involving swaps/leverage/margin, and can only be offered to retail customers on registered exchanges that comply with the U.S. Commodity Exchange Act (CEA) and CFTC regulations. However, Opyn and Deridex have never registered with the CFTC, illegally providing their services without fulfilling the customer identification procedures required by banking confidentiality laws. Furthermore, although Opyn has implemented some measures to restrict U.S. users from using their service, these measures have proven ineffective, and Deridex has not taken any measures at all.

ZeroEx has developed and deployed the 0x Protocol and the Matcha application, which is similar to a decentralized exchange (DEX) that allows users to trade between multiple tokens. However, there are tokens with leverage/margin characteristics deployed by unrelated third parties on the DEX, available for investors to trade. The CFTC believes that these types of transactions can only be offered to retail customers on registered exchanges that comply with the CEA and CFTC regulations, and ZeroEx has illegally provided its services without registering with the CFTC.

Therefore, Deridex and Opyn are accused of failing to register as a Swap Execution Facility (SEF) or Designated Contract Market (DCM); failing to register as a Futures Commission Merchant (FCM); and failing to implement customer identification procedures as required by FCM (as part of complying with banking confidentiality laws). Additionally, ZeroEx, Opyn, and Deridex are also accused of illegally providing leveraged and margined retail commodity transactions involving crypto assets.

According to the charges, the CFTC is demanding that Opyn, ZeroEx, and Deridex, as the developer-operating companies, each pay civil penalties of $250,000, $200,000, and $100,000 respectively, and cease their unlawful activities. As part of the settlement agreement, these three companies have agreed to pay the civil penalties to avoid further legal action.

Ian McGinley, the Enforcement Director at the CFTC, said, “Somewhere along the way, DeFi operators got the idea that unlawful transactions become lawful when facilitated by smart contracts. They do not. The DeFi space may be novel, complex, and evolving, but the Division of Enforcement will continue to evolve with it and aggressively pursue those who operate unregistered platforms that allow U.S. persons to trade digital asset derivatives.“

2. Dissenting Opinion of CFTC Commissioner

2.1 Conflict with CFTC Regulatory Principles

Despite the regulatory enforcement decisions made by the CFTC, Commissioner Summer K. Mersinger has expressed her opposition to it. She stated that this regulatory enforcement specifically targets decentralized finance (DeFi) protocols and applications, an area in which the CFTC has never ventured before. Therefore, the initial regulatory approach to this field is particularly important.

In the CFTC’s 2022-2026 Strategic Plan last year, it was stated that regulation of DeFi would involve increased stakeholder engagement and recognition of the need for broad stakeholder involvement in innovative industries like DeFi. However, this regulatory enforcement action is completely different from the strategic plan. The CFTC’s approach of “enforcement before communication” contradicts the strategic plan and the Congress’s call for “responsible innovation.”

She noted that in this case, there was no indication of customer funds being misappropriated or any market participants being harmed by DeFi protocols/applications. This unreasonable regulatory approach by the CFTC may protect “imagined” investors but fails to foster responsible innovation, ultimately driving the DeFi industry out of the U.S. market.

2.2 Conflict with Uniswap Case Precedents

（https://twitter.com/dyorexchange/status/1697332141938389281）

In addition, she raises a very practical question through the regulation and enforcement of ZeroEx: if a DeFi protocol is developed and deployed for legitimate purposes but is used by unrelated third parties for purposes that violate the CEA and CFTC regulations, who should be responsible for this? Should the developers of the DeFi protocol bear the responsibility forever?

These questions have actually been answered in the previous Uniswap precedent (refer to the article: “DeFi Regulatory Woes of DeFi: Uniswap in Heaven, Tornado Cash in Hell“). The court tells us from a judicial standpoint that the developers and investors of Uniswap should not be held responsible for any damages caused by third-party use of the protocol, because the underlying smart contract of Uniswap and the token contracts deployed by third parties are completely separate.

Therefore, I believe that the precedent set by Uniswap can also be applied to the regulation and enforcement of ZeroEx. The CFTC’s regulation and enforcement completely contradict the judicial precedent.

2.3 There is no CFTC Compliance Path for DeFi

Commissioner Summer K. Mersinger stated in her dissent that the existing CFTC regulations are designed for centralized intermediaries, requiring them to register as compliant intermediaries (such as futures commission merchants, FCM) and comply with KYC/AML/CTF procedures under the Bank Secrecy Act, as well as other regulatory requirements.

Such regulatory provisions are not suitable for decentralized and intermediation-free DeFi protocols. How can a DeFi protocol be required to register as an FCM, which is designed for centralized intermediaries? This is an unresolved issue, and the CFTC’s regulatory enforcement did not address it directly.

However, regardless of the strength of the opposition, the CFTC’s regulatory enforcement continues.

3. Will Cause Significant Impact on DeFi Derivatives Trading Market

3.1 CFTC may be a more formidable regulator than the SEC

Due to the SEC’s previous regulatory enforcement and judicial challenges in the cryptocurrency industry, people mistakenly believed that the CFTC might be a more crypto-friendly regulatory agency, leading to the suggestion of granting more regulatory authority to the CFTC. However, in recent regulatory enforcement actions against DeFi projects, the true nature of the CFTC has gradually emerged - it has the potential to potentially destroy the entire DeFi industry.

The CFTC’s recent regulatory enforcement actions have sounded the alarm for DeFi protocols engaged in derivative trading or with derivative trading functionality (including DEXs based on AMM mechanisms). If these protocols provide services to US users, they could be directly exposed to the CFTC’s regulatory firepower. Gabriel Shapiro, a lawyer and GC at Delphi Labs, even stated that all DeFi in the US would be illegal.

（https://thedefiant.io/100-of-defi-could-become-illegal）

In an interview, he stated: Firstly, DeFi protocols with derivative trading functionality have caught the attention of the CFTC. Whether it’s the CFTC v. Ooki DAO case (refer to the article: DeFi Regulatory Woes: Uniswap in Heaven, Tornado Cash in Hell) or the current regulatory enforcement, they are all targeting DeFi protocols for non-compliance with the CEA and CFTC regulations.

Secondly, according to the relevant regulations of the CEA and CFTC: “Individuals or entities cannot engage in commodity leverage/margin/financing transactions unless they obtain the relevant registration or license from the CFTC.” However, almost all DeFi protocols engage in leverage/margin/financing transactions with crypto commodities and commodity swap transactions can be understood as a derivative contract arrangement whose value is based on the value of the underlying commodity. Therefore, DeFi protocols like Lido, which pledges ETH to generate wETH, fall within the definition of commodity swap trading.

Therefore, in theory, almost all DeFi should be under the CFTC’s regulatory purview. This is a very alarming theory, and currently, the CFTC is only targeting three small-volume DeFi protocols in this regulatory enforcement (based in the US for easier regulatory enforcement), but in the future, they may target more sizable ones.

While Gabriel Shapiro’s theory may be alarming, in practice, legal and legislative measures can still be taken to address unilateral regulatory enforcement by agencies such as the SEC, CFTC, and DOJ. This is because regulations cannot interpret or create laws.

3.2 What rules were violated and who is responsible?

Since the CFTC already has the ability to target DeFi protocols within its jurisdiction, what are the reasons? Who should be held responsible?

Commissioner Summer K. Mersinger stated that in this case, it was not indicated that customer funds were misappropriated or that any market participants were harmed by the DeFi protocol. The CFTC also only mentioned a violation of the CEA and CFTC requirements regarding compliance registration.

The CFTC’s theoretical basis can be referenced to a speech by Brian D. Quintenz (former CFTC commissioner, now a16z partner) in 2018: For smart contract protocols, it is first necessary to determine what type of protocol it is, whether it falls under the category of swaps/futures/options agreements, and whether it is targeting U.S. users. If it does, then regardless of whether it is software code or any other form, it should comply with the CFTC’s regulatory provisions.

If regulatory provisions are violated, then who should be held responsible?

There is a significant space for thorough discussion and debate on this matter. Most lawyers share the same perspective as the judge in the Uniswap case, which means that liability should be borne by the malicious third party causing the harm, and not by the developers who have no control over the actions of the malicious third party and are merely publishing and submitting code.

However, considering the criminal charges brought by the U.S. Department of Justice against the founder of Tornado Cash, the case of CFTC v. Ooki DAO, and this enforcement action by the CFTC, it can be seen that regulators do not hold the same view. The CFTC still attributes responsibility for the actions of malicious third parties to the developers, even if the developers have no control over the occurrence of such malicious actions. For example, in the regulatory enforcement against ZeroEx, regulators did not consider whether the protocol developers had any connection to the derivative tokens being listed or whether the developers had the ability to control the listing of those derivative tokens.

4. How Should DeFi Projects Proceed?

The most straightforward answer is to escape from the United States and block US users.

Of course, how to block them also requires skills. For example, Opyn implemented some measures to restrict American users from using their service, but these measures did not effectively work, and they still faced penalties from the CFTC. Perhaps blocking American IP addresses is not enough; it may also be necessary to block VPNs originating from the United States or wallets associated with the United States. These can be relatively easily achieved through technical means.

Of course, there are several factors to consider regarding the United States: (1) It should be usable by US users (including accounts, wallets, transactions, etc.); (2) The website or product should use US servers (AWS?); (3) Services should be promoted or marketed in the US; (4) Company employees, executives, agents, etc. should be US citizens; (5) There should be dealings with third-party service providers in the US; (6) Involvement with US financial accounts.

In summary: (1) Complete blocking measures should be implemented, including a declaration in the Terms of Use, to avoid falling under regulatory scrutiny; (2) Efforts should be made to legally package the development team and DAO to avoid individual liability for DeFi protocol; (3) Escape from the US. Even giants like Coinbase are cautious about engaging in derivatives business under US regulation. They establish offshore derivative businesses and actively apply for licensing qualifications from the CFTC.

The scope of applicable operations is very broad, and it still needs to be assessed on a case-by-case basis.

5. Conclusion

CFTC has established determinations of violations within the DeFi industry and the accountability of on-chain DAOs and token voting members based on the precedent set by Ooki DAO. Previously, it was stated in an article titled “CFTC Wins Lawsuit Against Ooki DAO, Setting Precedent for DAOs’ Legal Liability“ that “after DAOs can be sued, the on-chain world is no longer a lawless place, and regulatory authorities can use this as a breakthrough to regulate on-chain DAOs, DeFi, and DEX projects.” However, it seems that no one paid attention to it??

This time, CFTC’s regulatory enforcement precisely confirms the above viewpoint. CFTC, using the Ooki DAO case as a precedent, directly targets three DeFi protocols and requires the developer companies to bear the main responsibility for the same violations.

While the SEC aims at CeFi, CFTC targets DeFi, and FinCEN focuses on global crypto asset circulation with KYC/AML/CTF, this is likely to be the regulatory landscape for crypto assets before the 2024 US presidential election.

(https://cryptoslate.com/cftc-settles-charges-against-companies-behind-0x-zrx-two-other-defi-protocols/)
(https://cryptoslate.com/cftc-settles-charges-against-companies-behind-0x-zrx-two-other-defi-protocols/)

Disclaimer：

1. This article is reprinted from [Web3小律]. All copyrights belong to the original author [Will 阿望]. If there are objections to this reprint, please contact the Gate Learn team（[email protected]）, and they will handle it promptly.
2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.