CFTC’s Ooki DAO Action Shatters Illusion of Regulator-Proof Protocol

The Commodity Futures Trading Commission (CFTC) filed and settled charges last week against a blockchain protocol and its founders that could have an enormous ripple effect on the crypto industry.

At first blush, the action seems straightforward: Blockchain protocol bZeroX (bZx) and two of its founders were accused of offering illegal, off-exchange tokenized margin trading and lending services. The company and founders Tom Bean and Kyle Kistner were charged with operating as an unregistered futures commission merchant (FCM) and failing to meet Bank Secrecy Act requirements for gathering customer information.

Bean and Kistner settled for a relative slap on the wrist – a $250,000 civil monetary penalty and a promise not to violate the Commodity Exchange Act (CEA) or other CFTC regulations again. Though violating the Bank Secrecy Act can sometimes land lawbreakers in prison, Bean and Kistner did not face any criminal charges at this time.

The CFTC’s action against bZeroX was fairly routine, except for one thing – the CFTC filed a simultaneous federal civil enforcement action against Ooki DAO, a decentralized autonomous organization (DAO) they say was a “successor to bZeroX that operated the same software protocol…[and violated] the same laws” as bZeroX and its founders.

The CFTC’s enforcement action against Ooki DAO is the first of its kind, and crypto lawyers – including one of the sitting CFTC commissioners – are concerned that it sets a legal precedent for DAO regulation that could have a significant impact on the wider crypto industry.

Piercing the veil of decentralization

In the CFTC’s complaint, the agency argues that bZeroX and Ooki DAO are essentially the same organization, despite Ooki DAO’s language of decentralization. After operating from June 2019 to August 2021, bZeroX transferred control of its protocol to Ooki DAO.

The CFTC seems to take particular issue with Bean and Kistner’s repeated representations of the DAO-ification of their protocol as something that would put it beyond the reach of regulators.

“By transferring control to a DAO, bZeroX’s founders touted to bZeroX community members the operations would be enforcement-proof” the complaint reads. “The bZx Founders were wrong, however. DAOs are not immune from enforcement and may not violate the law with impunity.”

New York-based crypto lawyer Max Dilendorf told CoinDesk the CFTC’s position does not come as a surprise to those paying attention to crypto regulation trends.

“This notion that a founding team can hide behind a veil of decentralization, it falls flat on its face,” Dilendorf said. “Even if a company or a protocol is able to reach the requisite level of decentralization, the regulators will still be going after the individual founders if the product that is being offered on those smart contracts violates either CFTC or SEC regulations.”

Though, as an attorney, Dilendorf found the action predictable, he acknowledged that it might surprise DAO participants.

Speaking to CoinDesk from the Messari Mainnet conference in New York City, Dilendorf said he was “blown away” by the number of people speaking on DAO-related panels at the conference that were either unaware or did not acknowledge existing guidelines from the U.S. Securities and Exchange Commission (SEC) on DAO governance.

“The [SEC] sort of rolled out guidance as to how a governance protocol should look if the DAO were to take a position that it was fully decentralized, literally going step-by-step,” Dilendorf said. “I don’t see a single DAO out there that was able to hit all those issues and comply with guidance… It’s shocking.”

Who is responsible for a DAO’s bad deeds?

What did surprise many crypto lawyers, however, is that the CFTC’s complaint indicates the regulator sees all voting governance token holders as potentially culpable members of a DAO.

Drew Hinkes, a Miami-based crypto lawyer, told CoinDesk that this distinction was not made in the SEC’s 2017 action against The DAO – the only other regulatory action related to an unincorporated DAO.

“On one hand, it’s a very appealing way to determine who should be thought of as ‘governing’ a DAO, given that there is a readily available forensic record on a blockchain of which wallet addresses voted their tokens,” Hinkes said.

However, Hinkes also stressed that such a crude method of determining involvement would also capture token holders who may have voted against potentially illegal actions, or who only voted on irrelevant things, like what to name the DAO.

This issue was at the heart of a dissenting statement from CFTC Commissioner Summer Mersinger, who called the enforcement action “arbitrary and unfair.”

“The Commission’s approach…affirmatively disincentivizes voting participation in DAO governance generally – and particularly those who may want to vote in a manner that effectuates change to comply with the law,” Mersinger wrote. “The Commission’s approach will have a chilling effect that discourages voting, thereby hindering good governance and the development of a culture of compliance in this setting.”

Though the enforcement action opens the door to who can be held responsible for a DAOs bad deeds, how to identify those participants – many of whom are pseudonymous even to fellow members – is another question.

“This was an easy case for the CFTC, because they already knew who the two founders were for the purposes of attaching liability, but it obviously has far-reaching implications for future cases,” Illinois-based crypto lawyer Grant Gulovsen told CoinDesk.

“At the same time, if the authorities in question really wanted to find out who the members [of a DAO] were, I think they could,” Gulovsen said.

‘Regulation through enforcement’

Many in the crypto industry have decried the CFTC’s action against Ooki DAO as a form of “regulation through enforcement” – an accusation that has more often than not been lobbied at the SEC, which has been engaged in a years-long tug-of-war with the CFTC for the role of top crypto regulator.

Jake Chervinsky, head of policy at crypto lobbying firm the Blockchain Association, called the Ooki DAO action “the most egregious example of regulation by enforcement in the history of crypto… The CFTC has put [the SEC] to shame.”

In her dissenting statement, Commissioner Mersinger echoed the industry group’s concerns, calling it “regulation by enforcement, plain and simple.”

While, as Dilendorf pointed out, the action was a “wake-up call” for crypto founders who think a DAO is a shield from regulation, attorneys have also pointed out that it’s a wake-up call for industry participants who have groused about crypto regulation under the SEC, assuming that the CFTC would make a more favorable regulator.

“The fact that the first real enforcement action brought against an unincorporated DAO was by the CFTC, rather than the SEC, is somewhat surprising as the CFTC has generally been viewed as being less aggressive in bringing enforcement actions against participants in the digital asset space than the SEC,” said Glen Chen, a Los Angeles-based attorney at international law firm Ropes & Gray.

“This is a reminder that merely swapping regulators won’t absolve all issues,” attorney Collins Belton tweeted.

Not settled yet

Though most crypto lawyers CoinDesk spoke with agreed that the CFTC’s enforcement action against Ooki DAO could, and likely would, have broader implications for DAO regulation, they also stressed that it was just one action – and not even a settled one, at that.

“There is a tendency to overreact to the latest enforcement action, especially one that appears novel,” Hinkes said. This complaint represents the “best version of the facts as to one specific claim, and those facts are not established at this stage. It is unclear how much of what the CFTC alleges will be accepted by the court.”

“It's too early to conclude that DAOs or other decentralized ventures that govern service protocols and other similar technology systems are dead simply because of this one action,” Hinkes added.

Gulovsen also cast doubt on wider concerns that the action against Ooki DAO would dissuade people from joining or participating in DAOs.

“As long as the DAO isn’t doing anything which violates any laws that would subject the members to personal liability, then it shouldn’t be an issue,” he said. “[The enforcement action] is a big deal, but only to the extent that I believe a lot of folks had gotten complacent because this sort of case hadn’t really been in the headlines yet. Now it has.”

Many people involved with DAOs share the same views as the bZx founders about decentralization making them enforcement-proof, Gulovsen said.

“And just like the CFTC said, ‘That’s wrong.’”