Doubts over DAOs: New CFTC case targets decentralized finance community

On September 22, 2022, the United States Commodity and Futures Trading Commission (CFTC) filed a first-of-its-kind regulatory action against a Decentralized Autonomous Organization (DAO) – the Ooki DAO. In CFTC vs. Ooki DAO, the CFTC alleges that the Ooki DAO violated the Commodity Exchange Act (CEA) by (I) illegal retail trading of commodities with leverage and margin; (II) act as an unregistered futures commission agent; and (III) failing to implement required know-your-customer and anti-money laundering procedures. Simultaneously, the CFTC issued an order filing and settling charges against two individual members of the Ooki DAO, finding them personally liable for violations of the Ooki DAO. These new regulatory actions demonstrate the CFTC’s desire to extend liability for DAO actions to DAO participants, posing new risks for investors and operators of decentralized finance (DeFi) projects, who often incorporate DAOs into their structures.

I. DAO and DeFi

A DAO is a blockchain-based organization controlled by its members that operates through a set of rules (algorithms) deployed via blockchain-based smart contracts. This rule-based behavior gives DAOs their “self-contained” nature. Members of a DAO use DAO governance tokens to control (by vote) the activities of the DAO as defined by the rules embedded in the DAO’s smart contracts – called “protocols”. DAOs are called “decentralized” because DAO governance tokens can be held by any number of people and, in theory, lack a centralized board or set of decision-making officers for the DAO.

DAOs are a common component of many DeFi projects, which have seen a renewed interest from institutional investors in 2021 and the first half of 2022. Some DAO proponents have argued that DAOs are beyond the reach of regulators due to lack of legal identity1, lack of centralized control, lack of jurisdictional locus or the practical difficulty of holding a “dispersed”. , an unidentified group of individuals”2 responsible for violating laws or regulations.

II. CFTC vs. Ooki CAD: Regulatory risk

CFTC vs. Ooki CAD directly challenges DAO supporters’ claims to legal immunity. The CFTC describes the Ooki DAO as an “unincorporated association composed of holders of OokiDAO tokens… who vote those tokens to govern the [Ooki Protocol]3. The CFTC alleges that each member of the Ooki DAO Association is liable “as principal for every act, omission or default of the members, officers, employees or agents acting for the Ooki DAO.” claims against the Ooki DAO – but, in the view of the CFTC, liability for these illegal acts extends to all Ooki DAO token holders who participated in the operations of the DAO by voting their tokens.

On the same day, the CFTC filed Ooki DAOthe CFTC also issued a order accepting settlement with two of the Ooki DAO Token Holders (the DAO Members) regarding the alleged conduct in Ooki DAO. Members of the DAO, in addition to being holders of the Ooki DAO tokens, created and deployed the blockchain-based software protocol through which the Ooki DAO conducted its commodity trading business.5

Ooki DAO members initially operated their project through a traditional legal entity, bZeroX, LLC, and offered their commercial protocol under the bZx brand. In August 2021, bZeroX transferred control of the bZx protocol to the new bZx DAO. Then, in December 2021, the bZx DAO rebranded itself as Ooki DAO – operating the same bZx trading protocol, now trading as the Ooki protocol.

The CFTC characterized this transfer of authority over the bZx/Ooki trading protocol – from bZeroX to Ooki DAO – as an attempt by DAO members to immunize trading activities conducted through the protocol from regulatory enforcement. Indeed, one of the DAO members said the same about the transition to the DAO structure:

We will really prepare for the new regulatory environment by ensuring that bZx is future-proof. So many people in the industry are getting legal opinions right now and lawmakers are trying to decide whether or not they want DeFi companies to register as virtual asset service providers – and really what we’re going to do, it’s taking every step possible to make sure that when regulators ask us to comply, we don’t have to do anything because we’ve given our all to the community.6

In the view of the CFTC, this attempt to transfer responsibility from a traditional legal entity to “the community” has not protected it from regulation; it simply extended liability to the entire association for the alleged illegal acts of the DAO.7

III. Sarcuni vs. bZx DAO: Risk of private litigation

While this is the first example of regulatory enforcement against an unincorporated association of DAO token holders, it is not completely new. Private plaintiffs have used a similar theory of liability against the Ooki DAO and its predecessor, the bZx DAO, in Sarcuni vs. bZx DAO.8 The sarcuni The plaintiffs brought a class action lawsuit for negligence resulting from a cybersecurity breach against the DAOs bZx and Ooki – and other entities – alleging that members of the DAOs formed unincorporated for-profit associations. Plaintiffs further alleged that under California law, an unincorporated for-profit association is treated like a general partnership – subjecting each partner to unlimited personal liability for the debts of the entire partnership. .

sarcuni is still at an early stage – the defendants’ motions to dismiss are pending – but, interestingly, the plaintiffs named in CFTC vs. Ooki DAO to oppose the dismissal and support the liability theory of their unincorporated association.

IV. Not all DAOs are created equal

The The SEC discussed some of these DAO liability issues in its 2017 investigative report on a first DAO – simply named “The DAO” – which suffered a security breach resulting in the theft of approximately $50 million worth of Ether held by The DAO. The DAO was designed as an investment vehicle: token holders could vote for investment proposals that would be funded by a majority. But the SEC reviewed the DAO’s operations, determining that in practice much of the DAO’s business was centralized through a board of custodians selected by the company that created the DAO. The SEC also found that the distributed nature of DAO tokenholders prevented them from effectively exercising real control over the curated proposals presented to them by hand-picked custodians – custodians that the tokenholders did not have. their say in the selection.

The SEC concluded that the dispersed tokenholders and organized DAO proposals resembled a corporation more than a general partnership: “These facts diminished the ability of the DAO tokenholders to exercise meaningful control over the company through the voting process, making the voting rights of DAO token holders similar to those of a corporate shareholder.

V. DAO Risk Assessment and Mitigation

The Ooki DAO and sarcuni the cases demonstrate the risks to token holders from regulatory enforcement and private litigation, respectively. Investors in DAOs and DAO-based DeFi projects should take note of these risks in light of the changing legal landscape. Selecting an appropriate strategy to manage the unique risks posed by DAOs begins with assessing those risks – a fact-based investigation that requires examining the structure, protocols, token distribution, and physical locations of organizers. , token holders and blockchain validator nodes. host the smart contracts of a DAO.

Comments are closed.