The Commodity Futures Trading Commission (CFTC) has filed and settled charges against bZeroX and founders Tom Bean and Kyle Kistner. The CFTC alleges that respondents illegally offered leveraged and margined retail commodity transactions in digital assets. The CFTC states that the activity can only be initiated by “futures commission merchants (FCMs). The CFTC claims that the respondents failed to adhere to the Bank Secrecy Act which requires an identification process.
The respondents are required to pay a $250,000 penalty and halt all activity that is apparently in violation of CFTC regulations.
The CFTC reports that the respondents “engaged in these activities in connection with a decentralized blockchain-based software protocol that functioned similarly to a trading platform.”
Simultaneously, the CFTC filed a federal civil enforcement action in the U.S. District Court for the Northern District of California charging the Ooki DAO a decentralized autonomous organization and the successor to bZeroX that operated the same software protocol as bZeroX. The CFTC labeled Ooki DAO as an “unincorporated association.” The allegations are the same as above.
The CFTC seeks restitution, disgorgement, civil monetary penalties, trading and registration bans, and injunctions against further violations of the CEA and CFTC regulations, as charged.
Chairman Rostin Behnam commented on the enforcement action:
“Today’s actions demonstrate the CFTC’s commitment to aggressively pursuing individuals and their operations who purposefully seek to evade regulatory oversight at the expense of retail customers. I commend our dedicated enforcement team for pursuing this scheme which touches on many areas of concern regarding this growing market.”
“These actions are part of the CFTC’s broader efforts to protect U.S. customers in a rapidly evolving decentralized finance environment,” added Acting Director of Enforcement Gretchen Lowe. She added that digital asset trading must take place on regulated exchanges.
The enforcement thus challenges the entire concept of DeFi or decentralized trading activity.
Following the announcement by the CFTC, Commissioner Summer K. Mersinger dissented to the enforcement action noting there were no allegations of fraud claiming “regulation by enforcement.”
Commissioner Mersinger’s statement is republished below:
Today the Commission is called upon to consider novel and complex questions about how our governing statute, the Commodity Exchange Act (CEA), applies in a world of digital assets, blockchain technology, and decentralized autonomous organizations (DAOs) —technology that did not exist when the statute was enacted in 1974, and that has just started to develop since Congress last amended the statute as part of the Dodd-Frank Act in 2010.
Unfortunately, I cannot support the Commission’s approach to this particular matter. While I do not condone individuals or entities blatantly violating the CEA or our rules, we cannot arbitrarily decide who is accountable for those violations based on an unsupported legal theory amounting to regulation by enforcement while federal and state policy is developing. For these reasons, I am respectfully dissenting in this matter.
As I mentioned, I do not approve of or excuse activity that violates the CEA or those who direct others to participate in unlawful activity. Thus, there are parts of the Commission’s two related enforcement actions in this matter that I support:
First, the Commission is issuing a settlement Order finding that bZeroX, LLC, a limited liability company, violated exchange-trading and registration requirements in the CEA and the CFTC’s anti-money laundering rules with respect to a blockchain-based software protocol that accepted orders for, and facilitated, margined and leveraged retail commodity transactions. The settlement Order further finds that Tom Bean and Kyle Kistner, co-founders and co-owners of bZeroX, LLC, are liable for those violations pursuant to the provisions in Section 13(b) of the CEA regarding control person liability for violations by a corporate entity. There is nothing particularly new or unusual about these charges, and I would vote to approve this settlement if it were based solely on those findings.
Second, because Bean and Kistner transferred control of the protocol to the Ooki DAO, and the protocol continues to operate in the same illegal manner, the Commission also is filing an injunctive enforcement action through a Complaint charging the same violations by Ooki DAO as an unincorporated association. Certainly, I agree that conduct illegal under the CEA and CFTC rules, is not acceptable whether done by a corporation or an unincorporated association.
However, in its settlement Order and Complaint, the Commission defines the Ooki DAO unincorporated association as those holders of Ooki tokens that have voted on governance proposals with respect to running the business. Because Bean and Kistner fall into that category, the settlement Order also finds them liable for violations of the CEA and CFTC rules by the Ooki DAO based solely on their status as members of the Ooki DAO unincorporated association—relying on a State-law doctrine that members of a for-profit unincorporated association are jointly and severally liable for the debts of that association.
I cannot agree with the Commission’s approach of determining liability for DAO token holders based on their participation in governance voting for a number of reasons.
- First, not only does this approach fail to rely on any legal authority in the CEA, it also does not rely on any case law relevant to this type of action. Instead, the Commission’s approach imposes governmental sanctions for violations of the CEA and CFTC rules based on an inapplicable State-law legal theory developed for contract and tort disputes between private parties;
- Additionally, this approach arbitrarily defines the Ooki DAO unincorporated association in a manner that unfairly picks winners and losers, and undermines the public interest by disincentivizing good governance in this new crypto environment;
- This approach constitutes blatant “regulation by enforcement” by setting policy based on new definitions and standards never before articulated by the Commission or its staff, nor put out for public comment; and
- Finally, the Commission ignores an alternative, well-established basis for imposing liability for the Ooki DAO’s violations of the CEA and CFTC rules in this case – i.e., aiding and abetting liability—that is specifically authorized by Congress and that would solve all of these problems.
Although there are no allegations of any fraud having occurred here, we all are mindful of the need to protect customers who are participating in the largely unregulated crypto space. But those good intentions do not entitle the Commission to act through enforcement without proper legal authority, notice, or public input.
Absence of Applicable Legal Authority
There is no provision in the CEA that holds members of a for-profit unincorporated association personally liable for violations of the CEA or CFTC rules committed by the association based solely on their status as members of that association. Yes, the CEA applies to an association. The distinction here is that the Commission is attempting to determine who is, and who is not, liable for violations of the CEA and CFTC rules by the association.
The CEA sets out three legal theories that the Commission can rely upon to support charging a person for violations of the CEA or CFTC rules committed by another: i) principal-agent liability; ii) aiding-and-abetting liability; and iii) control person liability. The Commission’s settlement Order does not cite a single provision of the CEA, or of Federal common law, to support the notion that the Commission can impose liability for the violations of another if none of these three legal theories set out in the CEA applies (or, worse, if the Commission thinks that establishing the CEA legal theories would be hard to do).
Yet, the settlement Order holds Bean and Kistner personally liable for violations of the CEA and CFTC rules by Ooki DAO based on their status as voting token holders of the Ooki DAO. In doing so, the Commission relies solely on two contract disputes and one tort case – all between private parties and all decided under State law – which stand for the proposition that individual members of a for-profit unincorporated association are personally liable for the debts of the association.
But the Commission here is not simply collecting an unpaid contractual debt of Ooki DAO. Rather, it is imposing sanctions that only the Government can impose – civil monetary penalties ($250,000), a cease-and-desist order, and a prohibition on future participation in the activities of the Ooki DAO – against Bean and Kistner (and, potentially, in the future against others who have voted Ooki Tokens on governance questions) based solely on their status as voting token holders of the Ooki DAO.
I am skeptical of any Federal or State governmental agency wielding its power to sanction in this manner, i.e., based on a legal theory from State common law contract and tort cases between private parties. Nor have I seen any indication that Congress intended the CFTC to do so—rather than relying on the principal-agent, aiding-and-abetting, and control person liability provisions that it specifically set out for the CFTC in the CEA.
An Arbitrary, Unfair, and Misguided Definition of the Unincorporated Association
As previously discussed, the Commission’s settlement Order and Complaint arbitrarily define the Ooki DAO unincorporated association as comprising those who vote their Ooki tokens. It is natural to suspect that the Commission chose this definition of the Ooki DAO unincorporated association because this definition likely is the best position for an enforcement action against the Ooki DAO. But that choice has consequences. From a broader policy and societal perspective, the Commission has drawn the definitional line in a place that leads to inequitable results and undermines the public interest.
Defining the Ooki DAO unincorporated association as those who have voted their tokens inherently creates inequitable distinctions between token holders. For example, suppose that during the period in which token holders A and B hold voteable DAO tokens: i) there is a single vote on a governance proposal, which has nothing to do with compliance with the CEA or CFTC rules; and ii) token holder A votes on it, but token holder B does not. Under the Commission’s definition, token holder A has now become a member of the unincorporated association and (possibly unknowingly) assumed personal liability and is subject to CFTC sanctions for any violations of the CEA by the Ooki DAO—whereas token holder B, by the happenstance of not voting on this random governance proposal, has not.
The Commission’s approach thus picks winners and losers, in an unfair manner. What is more, it affirmatively disincentivizes voting participation in DAO governance generally—and particularly those who may want to vote in a manner that effectuates change to comply with the law. The Commission’s approach will have a chilling effect that discourages voting, thereby hindering good governance and the development of a culture of compliance in this setting. The unmistakable take-away from the Commission’s definitional approach in these enforcement actions is that those in a DAO community should not vote, even if the governance vote encourages following the law.
Simply put: By insisting on drawing a line with respect to who is in and who is out of a DAO unincorporated association, the line the Commission has chosen in its definition of the Ooki DAO unincorporated association inevitably leads to inequitable results and undermines the public interest in good governance.
Regulation by Enforcement
But even more fundamentally problematic is the Commission drawing that line in the context of an enforcement action in the first place. As demonstrated above, the Commission’s approach in these actions will have public policy implications that extend far beyond this particular settlement and lawsuit. Yet, the Commission has made this consequential decision with no public notice or input whatsoever. It is regulation by enforcement, plain and simple.
True, the CEA does not provide the Commission with authority to regulate the Ooki DAO. However, I am aware of no reason why the Commission could not undertake a public notice-and-comment rulemaking to adopt rules addressing the novel and difficult public policy questions that are raised here. Specifically: i) who is a member of a DAO that is an unincorporated association; and ii) within the bounds of the statutory authority granted by Congress in the CEA, who will the Commission hold personally liable for a DAO’s violations of the CEA and CFTC rules, and under what circumstances?
Proceeding by rulemaking would benefit the Commission by providing us with information, views, and public input from interested parties. Such public input could, for example: i) address the potential consequences for the developing ecosystem of decentralized finance from the approach the Commission has adopted here; ii) highlight possible consequences of the Commission’s approach for unincorporated associations other than DAOs; and iii) provide alternative approaches that we might conclude would better achieve our mission as set forth in the CEA. We benefit from public input on a wide variety of rulemakings relating to our administration of the CEA – surely these questions are of sufficient importance for us to seek such input here as well.
Equally important, a rulemaking proceeding would provide notice to the public about the way in which the Commission is thinking about these important questions. Such notice is obviously absent before proceeding with this Order. One can scour the records of the CFTC and not find a single statement of the Commission, a Chair of the Commission, a Director of one of the Commission’s Divisions or Offices, or the staff of the Commission informing the public that: i) based on State-law contract and tort cases between private parties, the CFTC believes that a member of an unincorporated association, without more, is personally liable for violations of the CEA or CFTC rules by that association; or ii) the CFTC considers anybody voting a DAO’s governance token to be a member of that DAO and thus subject to personal liability and sanctions for violations by the DAO. If for some reason there is a reluctance to engage in rulemaking, nevertheless, the Commission has many other means at its disposal to shine a light on these important policy issues.
In short: The Commission should not be shrouding its views on these policy issues in obscurity—to be revealed only through enforcement actions. Nor should it be delegating its policymaking responsibility to federal judges hearing those enforcement actions. Rather, the Commission should communicate to, and engage with, the public in a transparent manner and seek out the input of those with expertise to share.
It Didn’t Have to Be this Way
I am disappointed that the Commission has decided to proceed in this manner since there is a better path available. The Commission could have decided to proceed in a manner that: i) is appropriately based on a person’s culpability rather than status; ii) is grounded squarely in the authorities granted to the CFTC by the CEA; and iii) would avoid all the concerns that I have expressed above. That is, the Commission could have found Bean and Kistner personally liable for Ooki DAO’s violations based on the aiding-and-abetting provisions of Section 13(a) of the CEA.
Bean and Kistner set in motion Ooki DAO’s violations of the CEA and CFTC rules by setting it up to operate a protocol just like the one that they had operated through bZeroX, LLC—and which operated in violation of the CEA and CFTC rules. They then publicly announced that they were transitioning to a structure that they believed would insulate that activity from any requirement to comply with US law. Further, the settlement Order finds that Bean and Kistner continued to market and solicit members of the public to trade on the protocol after transferring control to the Ooki DAO.
I believe this compelling evidence demonstrates that Bean and Kistner met the standard for aiding-and-abetting liability under the CEA. And that finding would make them liable for Ooki DAO’s violations of the CEA and CFTC rules.
Thus, utilizing the CEA’s well-established aiding-and-abetting standard would have—
- Achieved the same result with respect to holding Bean and Kistner personally liable for violations committed by the Ooki DAO;
- Enabled the Commission to make its point – with which I agree – that a decentralized organization is not immune from the legal requirements of the CEA and CFTC rules; and
- Addressed the concerns about legal authority, inequitable results, disincentivizing good governance, lack of public notice, and regulation by enforcement set out above.
The principles that guide our enforcement of the law were intended to be technology neutral. Regardless of the underlying technology, our enforcement principles remain the same: i) adherence to the authority that Congress has granted us in the CEA; ii) not picking winners and losers; iii) incentivizing behavior calculated to enhance compliance with the law; iv) soliciting public input on significant policy issues before us; and v) transparency with respect to who we will hold accountable and for what.
These principles have served the Commission well throughout its 45-plus year history, including periods of incredible technological innovation such as the transformation of futures trading from open outcry to electronic trading. Yet, today’s actions abandon these principles. Accordingly, I respectfully dissent.