Will the CFTC Blot Out DeFi in the U.S.?
Is DeFi done for in the U.S.? Last week, in one fell swoop, the Commodity Futures Trading Commission (CFTC) sued three separate companies building some of the most respectable decentralized finance protocols. Deridex, Opyn and ZeroEx were all accused of illegally offering financial products to U.S. persons without the proper registration.
What’s not clear is whether those financial products would have been otherwise legal, had the protocols’ developers played by the rules and registered.
This is an excerpt from The Node newsletter, a daily roundup of the most pivotal crypto news on CoinDesk and beyond. You can subscribe to get the full newsletter here.
Is there actually a path forward for DeFi in the U.S.?
In its press release, the CFTC was specific about the labels it would have applied to the DeFi apps. Opyn, for instance, a type of decentralized insurance provider, should have had licenses for a “swap execution facility” (SEF) and “designated contract market” (DCM) as well as a “futures commission merchant” (FCM), the agency wrote.
If Opyn had had those certifications, and added a standard know your customer (KYC) setup to meet the requirements of the Bank Secrecy Act (BSA) would things be different? Or, is there something fundamental about the way DeFi operates that will always cut against U.S. law?
Some industry experts like lawyer Gabriel Shapiro have been saying for months that DeFi is a dead-end in the U.S. Ever since the CFTC sued Ooki DAO, Shapiro has been recommending DeFi protocols find ways to block U.S. users.
As it turns out, Opyn was trying to geo-fence U.S. users from the front end website that interacts with the protocol’s underlying smart contract. It wasn’t enough – at least for the CFTC, which noted “those steps were not sufficient to actually block U.S. users from accessing the Opyn Protocol.”
That’s at least because DeFi itself can’t be ring fenced, only the gangways and apps used to access it’s protocols. By nature blockchain-based tools are global and incapable of discriminating against any potential use – as long as you can pay the gas fees, you can transact (that’s the beauty of blockchain).
And yet, despite the fact that DeFi was built expressly to gut the world’s financial regulation and surveillance, there are still a number of regulators who think regulating DeFi could work. On the same day as the CFTC’s triple whammy enforcement, CFTC Commissioner Caroline Pham proposed a regulatory sandbox for the sector.
“Staying ahead of the curve requires being ready to look to the future and preparing to embrace change,” said Pham, who also runs the agency’s Global Markets Advisory Committee.
Pham’s comments aren’t far off from what CFTC Commissioner Summer Mersinger said in her dissenting opinion to the crackdown on Deridex, Opyn and ZeroEx. Apart from the usual line about the CFTC regulating through enforcement, Mersinger also raised the point that the CFTC failed to demonstrate what the protocol’s actually did wrong.
“The Commission’s Orders in these cases give no indication that customer funds have been misappropriated or that any market participants have been victimized by the DeFi protocols on which the Commission has unleashed its enforcement powers,” she wrote. In other words, where is the liability or the justification for sanctioning them?
This to me seems like the nut of the issue. Although the CFTC hasn’t been expressly tasked with overseeing decentralized service providers, it can still shut them down simply for not filing the right paperwork. Forget whether DeFi is provably more transparent than traditional financial operators, or that it levels the playing field and forces everyone to play by the same rules.
This isn’t to say DeFi doesn’t have its issues. Applications are routinely hacked, token allocations are deeply inequitable and DAOs have proven harder to govern than expected.
As CFTC Director of Enforcement Ian McGinley put it: “Somewhere along the way, DeFi operators got the idea that unlawful transactions become lawful when facilitated by smart contracts. They do not.”
The law being broken? Say it with me now: they failed to register.