Yesterday, the Commodity Futures Trading Commission (CFTC) announced the entry of charges against operators of three decentralized finance (DeFi) protocols.  For the first time, the CFTC charged a DeFi operator—Opyn, Inc. and Deridex, Inc—with failing to register as a swap execution facility (SEF) or designated contract market (DCM). The CFTC also charged these businesses with failure to register as a futures commission merchant (FCM) and failure to adopt know your customer (KYC) procedures and a customer identification program (CIP) as required by the Bank Secrecy Act.  Opyn, Deridex, and a third company, ZeroEx, Inc., were also charged with illegally offering leveraged and margined retail commodity transactions in digital assets.

It's Time to Take Action

As I have stated many times, the absence of regulation directly addressing supervision of the growing digital asset marketplace leaves vulnerable retail customers exposed and lacking long-established customer protections available in other asset classes.  There is broad consensus among regulators, policymakers, and market participants that the markets would benefit from Congressional action and regulatory intervention.  I have advocated for the CFTC to take steps to clarify how we might regulate these novel products.  In the past, in support of the development of legislation, we have worked in collaboration with other market regulators such as the Securities Exchange Commission and self-regulatory organizations such as the National Futures Association and the Financial Industry Regulatory Authority to build regulatory frameworks to increase market stability, enhance market integrity, and protect individual retail as well as sophisticated institutional customers.

Asymmetries of Information

In public speeches, at roundtables, at the largest domestic and international industry conferences and in distinguished lectures at some of the most prestigious universities in the country and abroad including the London School of Economics, the University of Pennsylvania Law School, MIT, Yale, Berkeley, Duke and others, I have pointed to asymmetries of information as ever-present risks, even in our regulated markets, that our agency must confront to protect customers.[1]  In theory, the technology stack for DeFi protocols is highly transparent. Notwithstanding the lack of a universally adopted definition, referring to a platform as DeFi is colloquially taken to mean that all activity related to a transaction happens “on chain.”

Solving the double-spend problem by adopting an alternative, network-oriented verification and validation methodology, DeFi protocols offer the promise of eliminating the expense of intermediaries or middlemen and enhancing market efficiency.  In some instances, however, even though this promise is not realized, a business may adopt the moniker “DeFi.” Certain business models describing their platforms as DeFi employ operational designs that centralize (and thereby obscure) critical transaction clearing and settlement functions “off chain.” There may be valid reasons for designing certain transactional functions in a manner that mitigates risks and enhances efficiency “off chain.”  Yet, the lack of transparency as relates to these functions may mean that the protocol is DeFi in name only (DINO).  As a result, information asymmetries emerge.

In a largely unregulated market like digital assets, information asymmetries may not only be more pronounced, but coupled with near opacity in certain business models, there may be a shroud obscuring information regarding the design and deployment of critical operational infrastructure, necessary risk management and corporate governance protocols (including policies governing conflicts of interest such as conflicts involving affiliated entities), sufficient liquidity reserves (effective recovery and resilience plans), dedicated commitment to the segregation of customer funds and separation of customer property, cyber risk resilience, or general system safeguards.  In the dark, it may be difficult for customers to appreciate real risks and for regulators to use traditional surveillance tools to prevent fraud and market manipulation.

Opyn and Deridex were charged with not maintaining KYC programs and CIPs, meaning evidence suggests that they failed to comply with foundational Anti-Money Laundering procedures.  Not only are these procedures critical to the CFTC’s ability to protect customers, our ability to mitigate the risk of illicit financial transactions depends significantly on our ability to surveil transactions across our markets.  As I have said before, without access to information, the Commission is deprived of a critical regulatory tool to identify the existence, nature, and extent of any wrongdoing.

Notwithstanding the novelty and innovative design of digital asset markets, this observation is equally true.  Lacking basic information regarding customer identity and transparency into the transactions in our markets, we may not have sufficient visibility into our markets’ exposure to illicit transactions.  We will also be stymied in our ability to execute our mission to ensure that consumers are treated fairly and that their funds are safe and available for withdrawal in a time of crisis.

Since the foundation of our nation, platforms that offer trading services have played a vital role in our markets, in price discovery, price accuracy, and facilitating greater efficiency and introducing economies of scale in secondary trading markets.  In addition, these platforms perform critical risk mitigation functions.  For two hundred years, these platforms have been responsible for participating in policing our markets.  They have served as a first-line-of-defense in our financial markets.  This incredible responsibility is part of the privilege of operating as a secondary market trading platform.

With respect to DeFi markets, it is incumbent upon the industry and regulators to introduce a regulatory framework that effectively employs our longstanding body of risk mitigation best practices, including setting aside adequate reserves to address liquidity issues or solvency crises, effective internal controls, risk management oversight, appropriate governance of conflict of interests, and the use of circuit breakers.  These market participants require a careful look to determine if they play an intermediary role that necessitates regulatory oversight. In my opinion, they can and should be regulated.

Protecting Our Markets Now

In the absence of regulation, the agency has brought these three enforcement actions. These DeFi protocols were operating in our markets, at great potential risk to customers in our markets, without oversight or transparency.  As the designated cop on the derivatives beat, the CFTC could not permit such activity to continue unaddressed. We must take steps to protect our markets now.

I remain deeply committed to ensuring that the CFTC focuses intently on its most critical task of protecting retail investors.[2]  Rigorous and high-quality financial disclosures, transparency and reduction of information asymmetries, and surveillance of market participants all serve that goal while at the same time maintaining the financial integrity of our markets.  Until such a time that those tools are available to us for use in the digital asset space, the CFTC needs to continue to bring cases such as the DeFi cases brought yesterday that serve all those goals.

I lastly want to commend the Division of Enforcement on bringing such important cases in this burgeoning field, in particular Jacob Mermelstein, Jack Murphy, former staff member Gates Hurand, K. Brent Tomer, Lenel Hickson, Jr., and Manal M. Sultan.