The CFTC’s DeFi Trifecta: Lessons And Implications For DeFi Participants Inside And Outside The US – Commodities/Derivatives/Stock Exchanges

 ​

On September 7, 2023, the Commodity Futures Trading Commission
(CFTC) announced the settlement of three separate enforcement
actions in the decentralized finance (DeFi) space: namely,
concerning the Opyn protocol and its Squeeth power perpetual
products;1 the Deridex protocol, an on-chain perpetual
contract trading platform;2 and the 0x protocol, Matcha
(its user interface), and its use as a decentralized exchange (DEX)
and DEX aggregator supporting trading in certain third-party
leverage tokens.3

Although the three enforcement actions were announced in a
single press release and grouped together as DeFi cases by the
CFTC, they have important differences and particularities. In this
client alert, we identify potential lessons and key takeaways for
DeFi participants both inside and outside the US and provide a
summary of the factual background, the specific nature of the
alleged regulatory violations, and the penalties imposed in each of
the three enforcement actions. Given that it is currently not
feasible for most DeFi protocols to register with the CFTC as a
swap execution facility (SEF), designated contract market (DCM), or
futures commission merchant (FCM) — let alone to register in
multiple such capacities simultaneously — the fundamental
takeaway from these enforcement actions is that it is imperative
for DeFi teams to be fastidious and take all steps possible to
exclude US users if their protocol may facilitate trading in
derivatives or on a leveraged or margined basis.

In this regard, it is noteworthy that these enforcement actions
drew a strongly worded dissent from CFTC Commissioner Summer K.
Mersinger, who lamented these cases as creating “an impossible
environment for those who want to comply with the law, forcing them
to either shut down or shut out US participants.” Commissioner
Mersinger also noted that there was no indication in any of these
three cases that customer funds had been misappropriated or that
any market participants had been victimized. Indeed, the CFTC’s
own press release acknowledged the substantive cooperation of each
of the protocols in question. Against this backdrop, many industry
voices have warned that these CFTC enforcement actions will
continue to drive DeFi out of the US and stunt innovation.

Notable Takeaways

The CFTC has well-established jurisdiction with respect to
derivatives such as swaps and certain forms of leveraged or
margined transactions in commodities (including digital assets that
constitute commodities). The CFTC can apply these established
aspects of its jurisdiction in novel contexts, including in the
DeFi space. Certain activities with respect to such CFTC-regulated
transactions require registration, which is currently not feasible
for DeFi protocols.
While each of the protocols in question in these enforcement
actions was associated with a US entity or place of business,
offshore teams should take note and carefully scrutinize their US
nexus. In the absence of a path to registration with the CFTC, DeFi
protocols that may facilitate trading in derivatives or on a
leveraged or financed basis should prohibit US users in order to
mitigate their U.S. regulatory risk.
However, as the Opyn enforcement action in particular makes
clear, merely blocking protocol access for users with US-based IP
addresses will not suffice. Although imperfect and by no means
infallible, other risk mitigants may include (i) robust
prohibitions on U.S. users in protocol terms of use, (ii) obtaining
affirmative non-U.S. person status representations upon wallet
connection or with a signed wallet message, and (iii) potentially
even blocking U.S.-based IP addresses from viewing any
protocol-controlled website that promotes or advertises the DeFi
protocol (i.e. beyond just geo-blocking wallet connections
themselves).
Unfortunately, while acknowledging subsequent remedial efforts
made by Opyn, the CFTC did not provide any meaningful useful
guidance on what other steps DeFi protocols can or should take to
prevent access by US users.
The Matcha enforcement action warrants particular attention for
all DEXes, DEX aggregators, and other DeFi protocols, especially
those that allow the permissionless addition of third-party tokens
and trading pairs.
Merely supporting trading in leverage tokens or tokenized
derivatives designed and issued by a third party may be sufficient
to run afoul of the CFTC’s registration expectations. This is
the case even when, as in the Matcha enforcement action, the
protocol in question was not specifically designed or marketed for
trading in derivatives or on a leveraged or margined basis and
would typically be viewed as a venue for spot or cash market
trading of digital assets.
While antithetical to the DeFi ethos and not feasible for
permissionless protocols, DeFi protocols that are able and willing
to do so should consider restricting use of their protocols for
known leverage tokens or tokenized derivatives instruments (e.g.,
via allowlisting and blocklisting tokens). Indeed, the Matcha
enforcement action referenced remedial efforts by the protocol to
prevent trading in leverage tokens going forward.
Notably, the Matcha enforcement action stands in stark contrast
to the recent dismissal of a class action filed in the Southern
District of New York against Uniswap and certain of its venture
capital backers4, which sought to impose liability for
losses associated with certain third-party scam tokens that were
traded through Uniswap’s smart contracts. Albeit in the
different context of securities law-based claims, District
Judge Katherine Polk Failla questioned the logic of holding the
drafter of a software platform or protocol liable for a third
party’s misuse of that platform.

The Opyn Enforcement Action

As alleged by the CFTC, Opyn, Inc. (Opyn), a Delaware
corporation with a principal place of business in California,
developed and operated a digital asset trading platform that
allowed for trading in power perpetuals. These instruments allowed
users to enter into long and short positions the value of which
were based on the price of a particular digital asset squared
(i.e., to the power of two) relative to the stablecoin USDC. For
example, users of the Opyn protocol could enter into a long
position by buying the ERC-20 token known as oSQTH to obtain
exposure to an index that tracked the price of ETH squared. Users
could also establish short positions by minting and then selling
oSQTH, subject to maintaining a particular collateralization ratio
with sufficient assets locked in the Opyn protocol’s smart
contracts. The CFTC alleged that although Opyn took certain steps
to exclude US persons from accessing the Opyn protocol, these steps
were “not sufficient” to actually block US users from
such access.

The Opyn enforcement action contains a number of alleged
violations against Opyn, each beginning from the premise that both
ETH and stablecoins such as USDC constitute “commodities”
for purposes of the Commodity Exchange Act (CEA) and the
regulations of the CFTC thereunder (CFTC Rules). The CFTC then
reasoned that the “power perpetuals” supported by the
Opyn protocols constituted “swaps” for CFTC regulatory
purposes, a term that is broadly defined in the CEA and CFTC Rules
to encompass almost any instrument that derives its value from some
other underlying commodity.5 In addition, the CFTC
reasoned that the trading in oSQTH supported by the Opyn protocol
amounted to an offering of leveraged or margined trading in
commodities to retail customers (i.e., noneligible contract
participants, in CFTC parlance). Such transactions are subject to
regulation as if they were futures contracts unless they result in
actual delivery of the underlying commodity within 28 days.

From these premises, the CFTC found that Opyn had engaged in a
number of violations of the CEA and CFTC Rules:

By operating a multiple-to-multiple trading platform for
executing or trading in swaps (here, the power perpetuals), Opyn
engaged in the activity of a SEF without registering as such (or as
a DCM).
By offering leveraged or margined commodity trading to retail
users, Opyn violated the CEA and CFTC rules in that such
transactions are subject to regulation as if they were futures and
may be lawfully offered only on a DCM (i.e., a regulated futures
exchange).
By (i) soliciting and accepting orders for swaps and leveraged
or margined transactions and (ii) accepting assets to margin or
collateralize such trades, Opyn engaged in the activity of an FCM
without registering as such. In addition, in acting as an
unregistered FCM, Opyn failed to comply with the “customer
identification program” obligations applicable to FCMs, which
are intended to facilitate know-your-customer (KYC) diligence.

The settlement of the Opyn enforcement action ultimately
provided for Opyn to pay a civil monetary penalty of $250,000.

The Deridex Enforcement Action

As alleged by the CFTC, Deridex, Inc. (Deridex), a Delaware
corporation with a principal place of business in Charlotte, North
Carolina, developed and operated a digital asset trading platform
involving a collection of smart contracts deployed on the Algorand
blockchain. By accessing the Deridex protocol, any person with a
digital asset wallet could contribute margin collateral to open a
position in a “perpetual contract” that provided for the
exchange of one or more payments based on the relative value of
STBL2, a stablecoin under the Algorand Standard Assets technical
standard, and some other digital asset. Such positions could be
entered into on a leveraged basis up to a maximum leverage ratio of
15 times at position establishment, subject to the user depositing
collateral of at least one-fifteenth of the position’s value.
The remainder of the leveraged position was financed through
borrowing from a liquidity pool supplied by other Deridex protocol
users, with Deridex and the liquidity providers each receiving a
portion of the interest paid by users on such leveraged positions.
The CFTC alleged that Deridex did not take any action to prevent
access by US users or retail customers.

The alleged violations in the Deridex enforcement action mirror
those in the Opyn enforcement action. Beginning from the premise
that the STBL2 stablecoin and other digital assets constitute
“commodities” for purposes of the CEA and CFTC Rules, the
CFTC reasoned that the perpetual contracts supported by the Deridex
protocol constituted both “swaps” and an offering of
leveraged or margined trading in commodities to retail customers.
As a result, the CFTC found that Deridex had engaged in a number of
violations of the CEA and CFTC Rules:

By offering leveraged or margined commodity trading to U.S.
retail users, Deridex violated the CEA and CFTC Rules in that such
transactions are subject to regulation as if they were futures that
and may be lawfully offered only on a registered DCM. The CFTC also
specifically alleged that Deridex conducted an office or business
in the US for the purposes of soliciting, accepting, or otherwise
dealing in such transactions.
Through the Deridex protocol and Deridex’s website, Deridex
operated a multiple-to-multiple trading platform for executing or
trading in swaps (here, the perpetual contracts) without
registering as a SEF or DCM.
By (i) soliciting and accepting orders for swaps and leveraged
or margined transactions and (ii) accepting assets to margin or
collateralize such trades, Deridex engaged in the activity of an
FCM without registering as such. In addition, in acting as an
unregistered FCM, Deridex failed to comply with the “customer
identification program” obligations applicable to FCMs, which
are intended to facilitate KYC diligence.

The settlement of the Deridex enforcement action ultimately
provided for Deridex to pay a civil monetary penalty of $100,000,
with the CFTC emphasizing that Deridex took prompt remedial action
upon the Division of Enforcement’s inquiry. In particular,
Deridex took steps to place the Deridex protocol into wind-down
mode so that no new deposits or positions could be established.

The Matcha Enforcement Action – One of These Three Is Not
Like the Others …

As alleged by the CFTC, ZeroEx, Inc. (ZeroEx), a Delaware
corporation with a principal place of business in San Francisco,
developed and deployed the 0x protocol and its related front-end
user interface, Matcha. Together, the 0x protocol and Matcha could
be used as a DEX to buy or sell one digital asset for another
digital asset. The 0x protocol and Matcha interface also functioned
as a DEX aggregator, compiling price data from multiple other
DEXes. Thus, by interacting with the 0x protocol and the Matcha
interface, users could trade in digital assets from multiple
sources of liquidity for thousands of different digital
asset trading pairs.

Among the thousands of trading pairs that users could trade
through the 0x protocol and Matcha interface, the CFTC focused on
certain leveraged tokens developed and issued by a third party
unaffiliated with ZeroEx. In particular, the CFTC referenced tokens
issued on both the Ethereum and Polygon networks providing
leveraged exposure that was twice the price of BTC and ETH and that
could be bought and sold through the 0x protocol and Matcha
interface. The CFTC recited that Matcha users transacted
approximately $117 million in trade volume in such leveraged
tokens, but acknowledged that ZeroEx did not charge
trading fees on such transactions.

Focusing on these leverage tokens, the CFTC alleged that ZeroEx
had conducted an office or business in the US for the purpose of
soliciting or accepting orders for off-exchange leveraged or
margined commodity transactions from retail users (i.e.,
noneligible contract participants). Under the CEA and CFTC Rules,
absent actual delivery of the relevant commodity within 28 days,
such transactions are regulated as if they were futures contracts
and may be lawfully offered only on or pursuant to the rules of a
DCM (i.e., on a regulated futures exchange).

Significantly, the CFTC found ZeroEx to be in violation of the
CEA and CFTC Rules notwithstanding that the leverage tokens in
question were designed and issued by an unaffiliated third party.
In this regard, the CFTC referenced its own prior interpretive
guidance that the “offeror” of such transactions includes
persons who present, solicit, or facilitate the use of margin,
leverage, or financing arrangements. The CFTC concluded that by
deploying a decentralized protocol (i.e., the 0x protocol) and
operating a front-end user interface (i.e., the Matcha interface),
ZeroEx facilitated and provided a purchaser with the ability to
source financing or leverage from other users or third parties.

The settlement of the Matcha enforcement action ultimately
provided for ZeroEx to pay a civil monetary penalty of
$200,000.

Footnotes

1 In re Opyn, Inc., CFTC No. 23-40 (Sept. 7,
2023), available at https://www.cftc.gov/media/9211/enfopynorder090723/download.

2 In re Deridex, Inc., CFTC No. 23-42 (Sept. 7,
2023), available at https://www.cftc.gov/media/9221/enfderidexorder090723/download.

3 In re ZeroEx, Inc., CFTC No. 23-41 (Sept. 7,
2023), available at https://www.cftc.gov/media/9216/enfzeroexorder090723/download.

4 Risley v. Universal Navigation Inc. dba Uniswap
Labs et al., No. 1:22-cv-02780 (S.D.N.Y. Aug. 29,
2023).

5 T7 U.S.C. ? 1a(47).

6 Retail Commodity Transactions Involving Certain Digital
Assets, 85 Fed. Reg. at 37,737 n.63, 37,736 n.164.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.