Executive Summary: The Commodity Futures Trading Commission (“CFTC”) sanctioned a crypto protocol operator bZeroX and its founders for failure to abide various registration requirements. In a separate action that was a first of its kind, the CFTC filed a complaint in federal court asserting that the holders of Ooki Dao tokens who voted on governance protocols were operating an “Unincorporated Association” subject to liability. CFTC Commissioner Summer Mersinger issued a carefully reasoned dissent from the action on several grounds, including lack of statutory authority.
On September 22, 2022, the CFTC issued an order (the “bZeroX Order”) settling charges against bZeroX, LLC and its founders Tom Bean and Kyle Kistner for developing and releasing a blockchain-based software protocol that enabled users to engage in off-exchange leveraged and margined retail commodity transactions in violation of the Commodity Exchange Act (“CEA”) and CFTC regulations.1 The respondents agreed to pay a civil monetary penalty of $250,000 for these violations.
That same day, the CFTC filed a complaint in the U.S. District Court for the Northern District of California against a decentralized autonomous organization (or “DAO”) known as Ooki DAO for similar violations related to its alleged control over the same software protocol.2 The Ooki DAO is an organization comprised of Ooki DAO governance token (“OOKI”) holders who have the ability to vote on the adoption of certain upgrades and changes to the software protocol. The CFTC’s complaint alleges that bZeroX developed and deployed a software protocol and subsequently transferred control over the protocol to the Ooki DAO in an attempt to make it “enforcement-proof.”3
The Ooki DAO lawsuit represents the first civil enforcement action by a federal regulator against a DAO and its members for violations of regulatory requirements.4 One of the key issues in the Ooki DAO complaint is who should be held liable for violations of the CEA and CFTC regulations when the activity is performed through a DAO. According to the CFTC complaint, the Ooki DAO is an unincorporated association, and thus its members are jointly and severally liable for the actions of the association. The CFTC defined the DAO members as each OOKI holder who voted on governance measures, and thus, according to the CFTC, “chose to participate in running [the Ooki DAO] business” of governing the bZx Protocol.5
As discussed further below, CFTC Commissioner Summer Mersinger dissented from the enforcement action because she thought the CFTC should engage in notice-and-comment rulemaking regarding when a DAO member should be held liable for the actions of the DAO. According to Commissioner Mersinger, the CFTC’s decision to pursue liability of DAO members as jointly and severally liable amounted to regulation by enforcement without appropriate notice to the market.
Background: The CEA and Retail Commodity Transactions
Although the CFTC’s jurisdiction over commodity spot markets is limited to anti-fraud and anti-manipulation authority, when retail participants trade commodities on margin or leverage, the CFTC regulates the margined or leveraged trading activity as futures contracts, unless an exception applies. If no exception applies to such transactions, then the retail commodity transactions must, among other requirements, trade on a futures exchange known as a designated contract market (“DCM”).6 Furthermore, entities that facilitate trading in the fully regulated margined or leveraged contracts may need to register with the CFTC. For example, participants that execute orders and accept margin funds on behalf of market participants must register with the CFTC as a futures commission merchant (“FCM”). These transaction-level requirements apply to all retail commodity transactions that involve a U.S. person, irrespective of the type of legal entity that offers or enters into such transactions.
There are two primary exceptions to the CFTC fully regulating commodity contracts traded on margin or leverage as futures contracts. First, trading on margin or leverage is not regulated as a futures contract if the parties to the trading activity are “eligible contract participants” or “eligible commercial entities,” which are definitions designed to identify sophisticated market participants, but exclude retail participants.7 Entities or persons that are not eligible contract participants or eligible commercial entities are often referred to as retail customers. Second, the CFTC does not regulate commodity trading on margin or leverage, even if the parties to the trading are retail customers, so long as the trading in the contracts “results in actual delivery within 28 days or such longer period as the [CFTC] may determine.”8
bZeroX Settlement
According to the bZx Order, from June 2019 to August 23, 2021, Bean and Kistner designed, marketed, and operated the software protocol (the “bZx Protocol”) through their company, bZeroX. During the relevant period, Bean and Kistner controlled bZeroX, were the only members of bZeroX, and were solely responsible for developing the bZx Protocol.
The bZx Protocol is comprised of a collection of smart contracts on the Ethereum blockchain that facilitate margined and leveraged retail commodity transactions.9 The protocol allows any customer with an Ethereum wallet, including retail customers, to post margin to open leveraged positions whose value was determined by the price difference between two virtual currencies from the time the position was opened to the time it was closed. To execute a transaction on the bZx Protocol, a trader posts collateral in the form of ether (ETH) to a smart contract to open a leveraged position based on the trader’s expectation regarding the value of ETH to another virtual currency.10 The smart contract would then borrow the other virtual currency from a bZx Protocol liquidity pool, whose assets were supplied by liquidity providers and received interest-bearing tokens in exchange. The smart contract would exchange the borrowed currency for ETH on a separate decentralized exchange and issue the trader a new token representing the position.11 Positions on the bZx Protocol automatically rolled over every 28 days and could be liquidated at any time.12 The primary benefit that bZeroX touted was that the decentralized nature of the bZx Protocol allowed customers to engage in these transactions without a third-party intermediary taking custody of their assets. The bZeroX website allowed users to transfer assets and open positions on the bZx Protocol and bZeroX collected transaction fees from users, including origination fees and trading fees.13
bZeroX Settlement: CEA and CFTC Rule Violations
The bZeroX Order charges Bean, Kistner, and bZeroX with violations of the CEA because the virtual currency transactions facilitated by the bZx Protocol are considered commodities under the CEA, and were retail commodity transactions that were not executed on or through CFTC registrants. The bZeroX Order referenced ETH and DAI as examples of commodities transacted using the bZx Protocol.
By enabling retail commodity transactions involving U.S. retail customers, bZeroX was required to comply with Section 4(a) of the CEA, which provides that any relevant transaction must be “made on or subject to the rules of a board of trade that has been designated or registered by the CFTC as a contract market for the specific commodity.”14 Because bZeroX was not registered as a DCM with the CFTC, the retail commodity transactions it facilitated through its platform constituted illegal, off-exchange transactions in violation of Section 4(a) of the CEA.
Furthermore, because the transactions traded through bZeroX were also subject to regulation as futures contracts, the bZeroX Order also found that bZeroX violated the CEA for failing to register as an FCM. Specifically, bZeroX solicited and accepted orders for leveraged or margined retail commodity transactions with customers, and also accepted money or property to margin those transactions. As a result, bZeroX met the definition of an FCM, and violated the CEA for failure to register as an FCM during the relevant period.
The bZeroX Order further alleged that bZeroX failed to implement a customer identification program in violation of Regulation 42.2, which requires FCMs to conduct know-your-customer diligence on its customers pursuant to the Bank Secrecy Act.15 Although bZeroX was not a registered FCM, Regulation 42.2 also applies to individuals and entities acting as unregistered FCMs.16 The CFTC alleges that during the period in which bZeroX operated as an unregistered FCM, it did not conduct the required KYC diligence “and in fact explicitly marketed its lack of KYC diligence as a positive feature of the bZx Protocol.”17
Based on these events, the CFTC alleged that bZeroX, Bean, and Kistner illegally facilitated off-exchange retail commodity transactions, illegally operated an unregistered FCM, and failed to comply with customer identification requirements applicable to FCMs under Regulation 42.2. Bean and Kistner agreed to pay a civil monetary penalty of $250,000 for their violations of the CEA and associated regulations.18
Civil Action against Ooki DAO
The CFTC’s complaint against Ooki DAO, including certain OOKI holders, alleges violations of the same laws and regulations as in the bZeroX Order (CEA Sections 4(a) and 4(d) and CFTC Regulation 42.2) and seeks civil monetary penalties and restitution and to enjoin Ooki DAO from continuing to operate the bZx Protocol.19
The CFTC alleges that, on approximately August 23, 2021, bZeroX transferred the smart contract administrative keys for the bZx Protocol, which make it possible to modify and upgrade the protocol, to the Ooki DAO, an unincorporated legal entity.20 Blockchain-based software protocol development companies oftentimes transfer governance authority over a protocol to a20 DAO after developing the protocol for purposes of decentralizing control over the protocol among an unaffiliated, dispersed community of protocol users. The CFTC’s complaint alleges that bZeroX did so in an attempt to make the protocol “enforcement-proof.”21 It argues that “DAOs are not immune from enforcement and may not violate the law with impunity.”22 Because of the Ooki DAO’s unincorporated legal status, the CFTC served process on the Ooki DAO members by submitting documents on the Ooki DAO web forum and through the Ooki DAO website’s chat box.
The CFTC asserts that “multiple Ooki DAO members have resided in the United States and have conducted Ooki DAO business (for example voting [OOKI]) to govern the Ooki DAO and operate the [protocol] from within the United States.”23 The CFTC argues that each member of the DAO should be liable for the alleged violations of the CEA and CFTC regulations because the members participated in operating and monetizing the bZx Protocol. The CFTC’s theory is that state law imposes a default corporate form on persons who agree to form an enterprise while sharing in the profits and liabilities. Such an organization is generally considered to be an “unincorporated association” or “general partnership” under state law and each member is jointly and severally liable for the actions and obligations of the association.
The CFTC’s complaint defines “members” of the Ooki DAO as OOKI holders who used their tokens to vote on governance matters with respect to the bZx Protocol. This definition of an Ooki DAO “member” notably differs from the definition asserted by class action plaintiffs in Sarcuni et. al v. bZx DAO et. al, an unrelated pending lawsuit. In that case, the plaintiffs argue that each OOKI holder should be jointly and severally liable for the unincorporated association’s actions irrespective of whether the holder voted on any governance matters or engaged in any other activity.24 Although the CFTC does not assert that all OOKI holders should be deemed partners in an unincorporated association, as the plaintiffs argue in Sarcuni, the CFTC’s approach invites questions regarding whether voting is the appropriate metric for determining DAO membership status. DAO governance token holders may engage in a broad swath of other activities in connection with a DAO, such as making proposals for upgrades and changes to the protocol, engaging in discussions related to governance on Discord and other communication channels, and participating in DAO committees or “subDAOs.” Under the definition of “member” asserted by the CFTC in the complaint, none of these activities would be sufficient to cause a DAO governance token holder to qualify as a member of the DAO subject to joint and several liability for its actions.25
Statements from CFTC Commissioners
In June 2021, former CFTC Commissioner Dan Berkovitz previewed the issue of CFTC registration requirements for decentralized finance projects (“DeFi”) in remarks to the Futures Industry Association. Commissioner Berkovitz noted that: “Not only do I think that unlicensed DeFi markets for derivative instruments are a bad idea, I also do not see how they are legal under the CEA. The CEA requires futures contracts to be traded on a designated contract market licensed and regulated by the CFTC. The CEA also provides that it is unlawful for any person other than an eligible contract participant to enter into a swap unless the swap is entered into on, or subject to, the rules of a DCM. The CEA requires any facility that provides for the trading or processing of swaps to be registered as a DCM or a swap execution facility. DeFi markets, platforms, or websites are not registered as DCMs or SEFs. The CEA does not contain any exception from registration for digital currencies, blockchains, or “‘smart contracts.’”26
CFTC Commissioner Summer Mersinger dissented from the CFTC enforcement actions against bZeroX, Bean, Kistner, and the Ooki DAO. Commissioner Mersinger disagreed with the CFTC’s decision to define “members” of the Ooki DAO unincorporated association as “those holders of Ooki tokens that have voted on governance proposals with respect to running the business.”27 Commissioner Mersinger listed several reasons why she disagrees with this approach. First, she noted that it fails to rely on any legal authority in the CEA and instead relies on a theory of liability more commonly seen in state-law contract and tort disputes. Second, she believes that it “arbitrarily defines the Ooki DAO unincorporated association” and “undermines the public interest by disincentivizing good governance in this new crypto environment.” Finally, she noted that the Commission had a viable alternative–it could have achieved a similar enforcement result by imposing aiding-and-abetting liability against certain individuals, such as Bean and Kistner, for the Ooki DAO’s violations of the CEA and CFTC rules.
Commissioner Mersinger also expressed concern that the CFTC’s theory of liability for voting members of unincorporated associations constitutes regulation by enforcement, i.e., setting policy based on new definitions and standards never before articulated by the Commission or its staff. She suggested that, rather than adopting its theory of voting member liability in an enforcement proceeding, the Commission should instead have undertaken a public notice-and-comment rulemaking to address the significant policy issues raised by this action. Specifically, Commissioner Mersinger recommended seeking public input on two key questions of ongoing importance in the enforcement context: (1) how to define a member of a DAO that is an unincorporated association; and (2) within the bounds of the statutory authority granted by Congress in the CEA, who the Commission will hold personally liable for a DAO’s violations of the CEA and CFTC rules, and under what circumstances.28 According to Commissioner Mersinger, a rulemaking proceeding on these issues would have more closely adhered to the Commission’s enforcement principles to follow the authority established in the CEA, soliciting public input on important policy issues, and transparency in holding market participants accountable.
1 In the Matter of bZeroX, LLC; Tom Bean; and Kyle Kistner, Order Instituting Proceedings Pursuant to Section 6(c) and (d) of the Commodity Exchange Act, Making Findings, and Imposing Remedial Sanctions, CFTC Docket No. 22-31 (September 22, 2022) (“bZeroX Order”).
2 Commodity Futures Trading Commission v. Ooki Dao, Civil Action No: 3:22-cv-5416 (N.D. Cal{.}) (September 22, 2022) (“Ooki DAO Complaint”).
3 Id. at 2.
4 We note that the U.S. Securities and Exchange Commission (“SEC”) has similarly characterized another DAO, called “The DAO,” as an unincorporated association in a Section 21(a) report of an investigation released in 2017. See Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Exchange Act Release No. 81,207, 117 SEC Docket 81207 (July 25, 2017).
5 Id.
6 See Section 2(c)(2)(D) of the Commodity Exchange Act (“CEA”).
7 See CEA Sections 1a(17) & (18).
8 See CEA Section 2(c)(2)(D)(ii)(III)(aa).
9 bZeroX Order at 2.
10 ETH refers to Ether, the native virtual currency of the Ethereum blockchain on which the bZeroX Protocol operates.
11 Id.
12 Id.
13 Id.
14 Id. At 7.
15 Regulation 42.2, 17 C.F.R. § 42.2 (2021).
16 CFTC v. HDR Global Trading Limited, No. 1:20-cv-08132, 2021 WL 3722183, at ¶ 39 (S.D.N.Y. Aug. 10, 2021) (consent order) (finding defendant who acted as an unregistered FCM liable for failing to adopt a CIP as required by Regulation 42.2).
17 bZeroX Order at 5.
18 Id. at 13.
19 Id. at 4.
20 Ooki DAO Complaint at 2.
21 Id. at 2.
22 Id.
23 Id. at 17.
24 See Sarcuni et al. v. bZX DAO et al., Case No. SE 3:22-cv-00618-BEN-DEB, at 15 (S.D. Cal) (May 2, 2022).
25 On September 27, 2022, the Sarcuni plaintiffs requested that the court take judicial notice of both the CFTC’s complaint against the Ooki DAO and the bZeroX Order, arguing that the CFTC’s theory of liability supports its argument that the Ooki DAO is a general partnership. See Sarcuni et al. v. bZX DAO et al., Case No. SE 3:22-cv-00618-LAB-DEB, at 11 (S.D. Cal.) (Sept. 27, 2022).
26 Keynote Address of Commissioner Dan M. Berkovitz Before FIA and SIFMA-AMG, Asset Management Derivatives Forum 2021 (June 8, 2021).
27 Dissenting Statement of Commissioner Summer K. Mersinger Regarding Enforcement Actions Against: 1) bZeroX, LLC, Tom Bean, and Kyle Kistner; and 2) Ooki DAO (Sept. 22, 2022).
28 Id.
