How to Launch Legally Compliant DeFi Applications: SEC’s and Crypto Mom’s Perspectives
Introduction: Background on SEC’s Cryptocurrency and DeFi Regulation
The U.S. Securities and Exchange Commission (SEC) has long resisted the total acceptance of blockchain and its enabled decentralized finance (DeFi) ecosystem, including cryptocurrencies (such as Bitcoin), digital securities with a utility value and DeFi applications on a blockchain, which resulted in a number of complex and often contradictory regulations applicable to DeFi. The purpose of this report to shed light on recent developments at the SEC and provide guidance to those who might be considering participating in, developing or incorporating DeFi projects and applications.
While the emerging DeFi ecosystem remains a novelty to many businesses, its evolving regulatory structure will ultimately bring it into widespread use, particularly in money transfer services, financial services, and the technology sector. In this dynamic regulatory environment, people have been watching with interest as government agencies struggle to legitimize and regulate cryptocurrencies, digital securities and DeFi sector.
When they were written, most federal and state laws governing currency, financial services, taxes, and money laundering never contemplated the use of digital currencies, other blockchain tokens or DeFi. In fact, only a handful of states have laws that address even the relatively widely adopted virtual currencies, and there is very little case law. Accordingly, the U.S. Treasury requires any businesses that hold or transmit a virtual currency, as well as DeFi projects, to comply with the same laws applicable to financial services businesses.
Participants in the blockchain and FinTech space, from users to DeFi projects to investment funds, need sound advice about structuring and launching DeFi projects and applications. However, with the fast-paced nature of new developments in this industry, it is important to comply with tax and consumer protection laws, know-your-customer (KYC) and anti-money laundering (AML) regulations, as well as the dynamics of local and international markets.
To stay on top of the emerging and potentially lifechanging DeFi industry, it is important to convey the latest and most relevant dialogue in the FinTech space related to decentralized finance (DeFi) and DeFi application development, including the pitfalls, and potential regulatory issues for software developers.
In summary, here are some of the top things DeFi application developers and other project participants need to know to reduce the risks associated with the SEC regulatory compliance:
- It is important to think through potential scenarios before starting any DeFi project and determine who will be the responsible parties if something goes wrong, preferably a compliance officer with practical experience in fintech (i.e., who will be dealing with the regulators?)
- The SEC’s FinHub is a resource by which one can research the SEC’s guidelines related to blockchain, cryptocurrencies, decentralized applications and regulatory guidance for DeFi applications.
- It is advised that DeFi project developers set up a virtual meeting with an SEC officer to gain insight about what the potential issues might affect the project or trigger an SEC investigation.
- The SEC Commissioner Hester Peirce’s recent policy draft proposal for a “safe harbor,” under which companies launching crypto and DeFi projects would receive a three-year grace period to build and empower their networks before the SEC could take enforcement action against them for possibly offering unregistered securities via their blockchain networks.
- A DeFi project involving so-called “utility tokens” should fail the Howey test, so that the SEC will not view the blockchain tokens as an investment contracts and subject the DeFi project to federal securities laws.
- The SEC’s report on decentralized autonomous organizations (the DAO report) states that offers and sales of digital assets from DAOs are subject to federal securities laws.
- Become familiar with other applicable SEC’s guidelines, such as the ones related to Anti-Money Laundering (AML) and Know-Your-Customer (KYC) regulations.
- Be prepared to explain the token development plan in a way that is both achievable and equitable.
- Any holdings, expenses and transactions of the project should be recorded and publicly accessible on a network for complete transparency and for the ease of the exchange of relevant information with the regulators, if necessary.
- As DeFi and other blockchain projects become more ubiquitous, the SEC will step up their scrutiny through enforcement and investigation. It is important to seek legal counsel when responding to the SEC, whether in relation to an investigation or less formal inquiry.
An Overview of the SEC Commissioner Hester Peirce’s Safe Harbor Proposal
Prior to joining the U.S. Securities and Exchange Commission in early 2018 as one of President Trump’s appointees, the SEC Commissioner Hester M. Peirce conducted research on the regulation of financial markets at George Mason University. Commissioner Peirce also served as Senior Counsel to the U.S. Senate Committee on Banking, Housing and Urban Affairs and held many other positions in the legal and government sectors. Having earned her bachelor’s degree in Economics from Case Western Reserve University and her JD from Yale Law School, Commissioner Peirce is uniquely qualified to advise the SEC on new ways to interpret the laws concerning financial regulation. Ms. Peirce was recently sworn in for a second term.
Since its release in February 2020, SEC Commissioner Peirce has explained and defended the nuances of her Safe Harbor proposal in numerous interviews and articles. Many of the best legal and financial minds in the FinTech industry have grappled with how its framework might support the growth of DeFi. While it is encouraging to see a key figure at the SEC asking fundamental questions about regulations surrounding blockchain and DeFi, there are some in the FinTech community who believe her proposal creates as many problems as it seeks to solve.
The SEC and DeFi Challenge
It is important to be aware of the SEC’s role in DeFi regulation, as it is not a single federal agency surveilling the field. The Commodity Futures Trading Commission (CFTC) has one piece of the crypto space; the SEC has another.
- Commodities and derivatives are in the jurisdiction of the CFTC
- The CFTC seems to be more forward-thinking about crypto issues
- Both the SEC and the CFTC are considered capital markets regulators
The mandate of the SEC is to oversee/regulate the securities space, broker dealers, public companies’ filings, make sure adequate information is disclosed to investors, regulate mutual funds and other types of investment companies. While they have interacted with crypto companies, none of these products have made it through the process.
The SEC has extensive jurisdiction in the financial space, and crypto and DeFi currently are just small pieces of that. Commissioner Peirce attributes the SEC’s visibly slow pace adapting to DeFi and the public frustration to this fact.. In addition, COVID-19 has affected volatility and its unique issues are keeping the agency quite busy.
According to Commissioner Peirce, about 5,000 employees work in dozens of regional offices on a day-to-day basis writing rules, enforcing violations, and helping registrants comply with a very complicated rulebook.
The SEC should be more forward-thinking
With so much activity surrounding DApps, FinTech and DeFi, providing an accurate definition of DeFi has become a focus of the agency. Commissioner Peirce thinks that one of the best definitions of DeFi so far is a “technological movement towards decentralizing legacy financial instruments, institutions and use cases, including trading, lending, investment, wealth management, payment, and insurance.”
At a virtual DeFi Discussion conference in May of 2020, Peirce was asked whether there is room for and other structures for regulatory-compliant decentralization, Commissioner Peirce made it clear that she believes the SEC must adjust the way these laws work. “While it can be disarming for many traditionalists at the SEC,” she says, “If there is something that society wants to do, such as come together in a new or decentralized way, the SEC must adapt.”
In terms of community governance, Peirce believes the most important feature for regulators is embracing forward-thinking strategies. As she explained in a recent DeFi conference, “It is Important to think in advance about who will be responsible if something goes wrong. From a regulatory perspective there must be someone who is thinking through scenarios, asking if we will run up against any regulatory issues, who will be responsible for this and who will be dealing with the regulators?”
Peirce opened up about the practicalities of how the SEC interfaces with developers and she recognizes how much work still needs to be done. “There must be an educational component,” she said, “come talk to us and tell us what you’re planning to do to get insight about what the potential issues might be.”
One of the more revolutionary resources available to developers is SEC’s Strategic Hub for Innovation and Financial Technology (FinHub), a portal that aims to streamline communications between the SEC and the public. By using the FinHub, individuals and businesses can present their ideas to the SEC and receive valuable feedback in order to achieve full compliance before rolling out a new product. A meeting with the FinHub representatives may reveal which issues could be problematic, while helping the SEC to address potential pain points, including via by adopting new forward-thinking regulations.
Commissioner Peirce, the “Crypto Mom”
Best known in the FinTech community as the “crypto mom, Commissioner Peirce takes a more progressive stance on regulating DeFi than her colleagues at the SEC and generally believes regulators should resort to a hands-off oversight.
Peirce got to the heart of the issue in a recent DeCrypt interview, when she explained, “The goal of DeFi, as I understand it, is to eliminate intermediaries and to allow people to engage with one another directly, and typically, the way regulators have regulated the financial system is to regulate intermediaries.” She said, “[DeFi] is going to cause [the SEC] to sit down and ask some fundamental questions about regulations.”
As she begins her second term as an SEC Commissioner, Ms. Peirce hopes to tweak existing regulations to improve access to regulated cryptocurrency markets for Americans, while making it easier for crypto companies to raise capital and build DeFi networks. As she told DeCrypt recently, ““My main priority, with respect to anything, and not just crypto, is to allow people in the market to engage in transactions that are mutually beneficial,” she said. Provided, of course, that no one is being defrauded.
A Safe Harbor in the Crypto Sphere?
One of Peirce’s main priorities, for example, is to revise her policy draft for the crypto industry known as the “Safe Harbor,” which would allow crypto and DeFi companies a three-year grace period to build and empower their networks before the SEC could take action against them for selling what might otherwise be described as “unregistered securities.”
However, while many involved in the crypto world see Commissioner Peirce as the industry’s savior, she is less confident about her ability to be a change driver , because of the established bureaucratic mechanism at the agency and system of government as a whole. She may be right about the fate of Safe Harbor, given the initial opinions of her fellow commissioners, but perhaps by being nimble and making the recommended changes to the Safe Harbor proposal, along with DeFi, Peirce will have a better chance in her second term.
In her comments about Safe Harbor, Peirce defines her underlying motivation as an attempt to provide technology innovators with a way to develop new projects without breaking any SEC laws. “It is important to write rules that well-intentioned people can follow. When we see people struggling to find a way both to comply with the law and accomplish their laudable objectives, we need to ask ourselves whether the law should change to enable them to pursue their efforts in confidence that they are doing so legally.”
According to Peirce, the most pressing technical problem facing developers is the ability to raise funds during the ramp-up phase. When building a mature network that is at once functional, decentralized, and independent, it is necessary to freely distribute tradeable tokens to potential network participants. But that “bootstrapping” ability has never been available to application developers.
As Peirce explains in her speech, “Secondary trading of tokens typically provides essential liquidity for the users of the network and aids in the development of the network. She further explains that the application of federal securities laws to these transactions frustrates the network’s ability to achieve maturity, thereby preventing “the transformation of the token sold as a security to a non-security token functioning on the network.”
To resolve this frustration, Commissioner Peirce recommends a three-year “safe harbor” period where the initial team of developers can issue a token and begin the process of building a decentralized network, all while remaining exempt from registration with the SEC. The proposal assures purchaser protection by requiring some disclosures and subjecting sellers to the SEC’s anti-fraud protection laws.
However, in order to become eligible for this exemption, certain requirements must be satisfied. For example, “network maturity” must be achieved in three years, as defined by some rather subjective language in the proposal. The definition of “maturity” in Peirce’s proposal is designed to preclude the network from being “controlled” by any one person or entity, but it leaves a few too many questions unanswered.
Not only are there virtually no current crypto projects where this total decentralization actually exists at the present moment; the proposal also fails to define what measures would be used to determine if a project were sufficiently decentralized. Also unclear is who makes this determination, and what happens if the network fails to reach “maturity” within three years.
According to Reuben Yap (project steward for privacy-first digital currency, Zcoin) in his interview with Thomson-Reuters, it is questionable whether a three-year exemption period is sufficient.
“What happens if after the three-year safe harbor period, the token hasn’t achieved sufficient network maturity?” he said. “The vast majority of projects have not, and even those where it is arguable, took longer than three years. There exists a huge disincentive to then rule it as a security due to the chaos that can ensue. In a way, many feel that EOS, which raised $4.1 billion, got off lightly with a $24 million fine only because of this. It is also questionable whether any network can gain sufficient decentralization after only three years.”
In his article for The Block, (The SEC meets decentralization theater with safe harbors for token sales), Stephen Palley deconstructs the Safe Harbor requirements with aplomb, but he still lands squarely on the side of adopting it. “As far as I can tell, this presents a potentially great way for people to raise tons of money selling digital tokens that don’t have any actual utility. If you can “sufficiently decentralize” your project in three years and, in the meantime, get your tokens listed on an exchange, it’d be a nifty way to make a lot of money if you keep a slug of those tokens for yourself.”
When Commissioner Peirce was asked in a recent interview who is responsible for achieving the goal of decentralization at the three-year mark, she answered this way: “Whoever is building this product, by the time they reach three-year mark they know what they are doing, they are a cohesive group, and they have funding. They will identify themselves as people taking advantage of Safe Harbor. Ideally, they will let the SEC know they are done and that the thing will live on if they go away, but if [an investor] had questions, they would ask the initial development team.”
The DAO Report and Decentralization
On the 25th of July in 2017, the SEC released its decision, commonly known as the DAO Report about a decentralized autonomous organization (DAO), which is also known as a “virtual” organization. According to the report, offers and sales of digital assets from DAOs are subject to the requirements of the federal securities laws. Also known as “Initial Coin Offerings” (ICOs) or “Token Sales,” such offers, are conducted by organizations using a distributed ledger, or blockchain technology.
The “decentralized” and “autonomous” portions of this ruling referred to “an organization represented by rules encoded as a computer program that is transparent, controlled by the organization members and not influenced by a central government.”
While the SEC may recognize the DAO token as an unregistered security offering, a phrase in the report says that “DAO tokens are too widely dispersed to have meaningful control over the enterprise.” When asked to reconcile this phrase with decentralization at the DeFi Discussion (May 2020), Peirce said she was not sure how she would have voted on the DAO if she were at the SEC at the time it was issued.
“I think here they are trying to say – people who are scattered across the world – do they have a real role or a nominal role?” she asked. “Decentralization is a good thing in that it means activity and decision making is spread across a wider group, but the feedback on Safe Harbor has been that people need a better idea of what it means to be decentralized.” She concluded that in this case, the SEC guidance on such a project might be in the form of a question: “If any particular entity or person disappeared, would the [the thing] live on?”
The Importance of Transparency
The way Hester Peirce describes the three-year incubation period in her Safe Harbor proposal is as if it were a delicate ecosystem; a fertile soil in which developers can organically grow their networks. She compares it to a “living, breathing thing that interacts with other projects.”
“Knowing how regulations were promulgated, with an ethos in mind to protect consumers, an important part of Defi is complete transparency,” said Peirce at the DeFi conference (May 2020). “DeFi requires complete transparency to make sure there is no information asymmetry between the creators and users of the product.
“SEC’s mission is protecting investors, facilitating capital formation, and protecting the integrity of the marketplace. DeFi has the ability to contribute to each of these things – bringing people together and matching each other’s needs is the essence of what a marketplace is, and there are ways to build in transparency that would have been unimaginable 100 years ago. Really powerful.”
In a recent article for Medium.com (Cryptocurrency Transparency Is Essential in Marketing A Coin), Steven Krohn attributes the success of ICO projects to best practices implemented by new FinTech companies. The most critical element of success in this space is cryptocurrency transparency. That transparency is achieved in a number of ways, most notably the creation of publicly accessible networks for the exchange of information for all parties concerned, including investors, platform users and regulators. This practice not only builds trust; it makes for a more reliable project that is more widely accepted.
According to Krohn, there are at least three areas where crypto can be more open and transparent.
- The holdings of the business must be clearly communicated, meaning crypto teams should publish asset reports on a regular basis and invite auditors in to review them for accuracy.
- Cost reporting is another area where transparency can be improved. Crypto teams spend a lot to develop code to run the blockchain, set up the network nodes, and ensure global access to the network. Technical development costs, legal fees, and regulatory expenses should also be disclosed in a detailed report of assets and expenses.
- Recording transactions is an important aspect of transparency as well, since serious investors like to see that the majority of coins are not held by a small group of investors. When a small group holds the majority of coins, the price is subject to manipulation, which is often called a “pump and dump” scheme.
“We believe that this must change for crypto markets to be seen as serious and reliable business models. You simply cannot have a business, crypto or otherwise, which fails to share basic information about its income, expenses and assets,” says Krohn. “If we don’t want the markets to collapse under their own weight, we must have more open, transparent and reliable information for everyone.”
Can the SEC be Technology-Neutral?
When asked if the SEC can be technology-neutral, SEC Commissioner Peirce explains, “The securities industry laws have been very prescriptive rules, meaning people only do X, Y, and Z and do it this way only.” She believes the SEC should be responsive as people push them to create more principals-based, or objectives-based, rules. Because technology is changing so rapidly, Peirce always tries to take technology-neutral view, leaving as much room as possible for experimentation.
One of Hester Peirce’s major influences was former CFTC Chair Gensler, who has spoken frequently about the need for regulators to adopt a “technology neutral” stance in order to “promote innovation” in the crypto and DeFi industries.
In an interview with Bitcoin.com, “Former CFTC Chair Advocates ‘Technology Neutral’ Cryptocurrency Regulations” the former CFTC chair stated: “We should … not regulate the blockchain technology, but just ensure that its application, like cryptocurrency, [ensures] investors are still protected. What does that mean? That we make sure there’s not fraud, manipulation, to the extent we can, in the bitcoin markets.”
When asked of the risk of stifling innovation through heavy-handed regulation of the new and rapidly evolving cryptocurrency industries, Gensler stated: “If [crypto] gets broad adoption, if we really think the crypto world is going [to] be part of the future, it needs to come inside a public policy envelope, that means we need to guard against illicit activity, and yes, we need to protect investors. The crypto exchanges, big exchanges like Coinbase, need to really come within either SEC or CFTC … inside of something to protect investors.”
Being technology neutral at the SEC means seeing the benefits of what new technologies can do; it means reimagining things previously taken for granted. When asked about the agency’s neutrality in this area at a recent DeFi Discussion (May 2020), Peirce said, “we can’t be so wedded to the old way of doing things that we say we’re never going to change our rulebook… but this is really hard to do because many humans are resistant to change.” It is clear that Commissioner Peirce is not one of them.
The Future of Stablecoins
The notorious volatility of cryptocurrency has kept many investors out of the market, thereby limiting its utility as a platform for exchanging goods and services, particularly in the COVID era. As the lowest volatility version of crypto, the stablecoin is linked to a “stable asset,” such as the US Dollar.
According to a recent Benzinga article, “Best Stablecoins and 4 Types of Stablecoins,” stablecoins are useful for investors who want to keep their assets in the crypto space. “Switching from crypto to fiat currency can be expensive and time consuming. Stablecoins give investors the best of both worlds — a stable asset within the crypto space with an advantageous transactional speed,” says Chris Davis.
“Because of their relative stability, stablecoins also have an easier time staying in compliance with regulators. The Gemini Dollar (GUSD) and the Paxos Standard (PAX) are 2 examples of coins to win the regulatory approval of the New York State Department of Financial Services.”
In a recent discussion about DeFi, Commissioner Peirce was asked about the newly proposed Managed Stable Coins and Securities Act, and to share her thoughts on the future of stable coins. “There is a lot of interest in stable coins,” according to Peirce. “We are always looking for ways to make our financial instruments more robust and resilient,” says Peirce. “Ways to do that include having more people involved, not being too reliant on any one particular entity. In such a time of increased volatility, DeFi offers the ultimate business continuity plan and that has to be attractive to some people.”
SEC Framework for Investment Contracts: The Howey Test
In April 2019, the SEC laid out a framework for determining which digital assets fall under the category of an investment contract. Using the 1946 Supreme Court decision (SEC v. W.J. Howey), which dealt with the sale of a Florida citrus grove, the SEC’s interpretive guidance concluded that “an investment contract exists when money is invested in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others.” (See the SEC’s Framework for “Investment Contract” Analysis of Digital Assets)
Regardless of whether it has any characteristics of typical securities, this SEC framework implies that the so-called Howey test applies to any contract, scheme, or transaction. In addition, federal securities laws require all offers and sales of securities, including those involving digital assets, must be registered with the SEC, or qualified for an exemption from registration. The registrant’s statement must also be complete and not materially misleading.
In her remarks to Thomson-Reuters Tax and Accounting, Peirce said applying the Howey analysis to crypto tokens is not easy. For example, the contract or transaction by which the token is sold may constitute an investment contract, but the token may not bear the hallmarks of a security.
“Conflating the two concepts has limited secondary trading and has had disastrous consequences for the ability of token networks to become functional,” Peirce said. “Also, of concern, suggesting that tokens will increase in value, combined with securing secondary market trading, can trigger a conclusion that those tokens are being sold pursuant to an investment contract. There are circumstances in which the security label fits, but, in other cases, promises made about tokens increasing in value are nothing more than expressions of the hope that a network will succeed and be used by lots of people.”
When asked at a recent DeFi Discussion (May 2020) how she felt about “under construction” cryptocurrencies being registered as securities, Peirce said, “I feel that once a crypto is released it cannot be classified as a security under the Howey test because while it was being developed it may be argued that all of the profits come from the efforts of others. Even if a DAO itself is building it.”
“I think that’s why the Safe Harbor is really useful,” Peirce emphasized, “to kind of cover that period.”
Commissioner Peirce’s safe harbor proposal would provide network developers with a three-year grace period during which they develop a functional or decentralized network without registering with the SEC.
New ICOs and SEC Enforcement Actions
Up until recently, almost every Initial Coin Offering (ICO) has operated under the assumption that tokens are not securities. Many developers continue to hold this position and they need to understand the risks being undertaken, specifically how an SEC decision would be made about their particular project.
Although the DAO report noted that the token vs. security question was based on individual facts and circumstances, the report was also directed to sellers of distributed ledger tokens as a means of raising capital, essentially putting the industry on notice.
A recent article published on Coindesk by Jason Somenatto, The DAO Report: Understanding the Risk of SEC Enforcement, lays out a clear set of guidelines to help the developer know what to expect.
In most cases, when an SEC enforcement action is commenced, a resolution will take many months, if not years, to conclude. “Beyond the sheer length, cost and invasiveness of an SEC enforcement action,” says Somensatto, “developers should consider how their legal position that their tokens are not securities will be resolved,”
As more ICOs are launched, we will see much more scrutiny from the SEC, whether through enforcement actions or investigations. For this reason, it is important to seek counsel when responding to SEC requests, as most will involve expansive document requests, witness interviews and negotiations over potential settlements or charges.
Unless there is a settlement, when the SEC’s investigation concludes, the agency may choose to bring a formal enforcement action through a civil lawsuit in federal court, or through an in-house proceeding. Either action may result in traditional discovery practices, including deposition and document production.
Most people will ultimately settle with the SEC before a lawsuit is filed, resulting in the SEC releasing a public statement about their position. However, if the SEC simply walks away from an investigation into a token sale, that decision will not be made public, meaning no precedent will be set under which others can easily argue that future token sales are not securities. Thus, the risk to others of facing a similar investigation is not negated, leaving future development teams a target for similar investigations.
This is not to suggest that fighting the SEC should be considered a waste of time, however, but developers must realize that a decision about whether a token is a security will require several months of investigation, including much communication between attorneys, and in the end the decision may be made by someone unfamiliar with distributed ledger technology.
An attorney will help to reduce the risk of running afoul of the law, and if the SEC does attempt to investigate, charges may be avoided if a developer has been relying on the advice of that attorney.
In the DAO report, the SEC explicitly noted that their findings were intended to “put the industry on notice.” Knowing this, a a fundamental risk that ICO developers must be willing to accept is an SEC investigation, especially in this new arena where an applicable precedent does not yet exist.
Even with Commissioner Peirce’s Safe Harbor proposal and a growing list of encouraging SEC positions related to token development, the SEC is still way behind in its technology-neutral acceptance of cryptocurrency.
That said, the riskiest players in this industry are still those who blindly continue to use ICOs to raise capital. Before rushing into this space to raise money, developers need to understand the risks of such a strategy and how the issue might be resolved, lest they end up in the SEC’s crosshairs.
Commissioner Peirce has made it clear in numerous interviews how she feels about helping developers who lack the funding for a full regulatory workup. “I always recommend going into FinHub and getting a lay of the land. They are likely to tell you to go hire a lawyer. A lot of people have really studied our securities laws and are trying to be creative, but there isn’t always an easy answer,” Peirce says.
“Be honest and give regulators as much information as you can,” recommends the Commissioner. “Watch the [SEC’s] informational videos and read documents designed to help developers take the first step. This helps them understand what rules might be useful or problematic down the road.