Keynote Address of Commissioner Kristin Johnson at Digital Assets @ Duke Conference, Duke’s Pratt School of Engineering and Duke Financial Economics Center
Mitigating Crypto-Crises: Applying Lessons Learned in Governance, Risk Management, and Compliance
January 26, 2023
Thank you so much for the kind invitation to join you for Digital Assets @ Duke. An anticipated disclaimer—the remarks that I will share today are my own and not the views of my fellow Commissioners or the Commission staff.
During a media interview last fall, someone asked me what the Commodity Futures Trading Commission (“CFTC”) could do to prevent crypto-market crises that lead to substantial losses for retail customers—and potentially devastating consequences for hard working Americans, too many of whom face fragile financial circumstances. I instinctively replied: we must never allow a good crisis to go to waste.
Today, I repeat that call to action. I am internally and publicly advocating for the CFTC to introduce and actively enforce new regulations consistent with our Core Principles in certain retail markets that may be vulnerable to crises. This approach will ensure parallel customer protections, enhance market integrity and market stability, and mitigate crises in crypto-commodity derivatives markets and possibly other markets as well.
I am also urging Congress to include in any new legislation statutory authority for the CFTC to conduct effective due diligence on any firm—not already subject to the CFTC’s oversight—that seeks to purchase ten percent or more of the equity interest in a CFTC-registered exchange or clearinghouse. I am also encouraging my fellow Commissioners to consider, with the utmost urgency, initiating a notice and comment process to identify a path that ensures that the Commission has greater visibility into the financial health, corporate governance, and risk management processes of any business seeking to acquire a significant equity ownership stake in CFTC-registered entities. While our existing approach, deeply influenced by custom and tradition, serves as an effective soft power in the context of several recent acquisitions of CFTC-registered entities, I am concerned that “moral suasion” may not be sufficient for the hard cases.
In times of crisis, with expanding access to retail market participants, and with increasingly diverse markets, relying on other regulatory frameworks such as anti-trust law and regulation may prove too limited in scope.
Less than two years after FTX’s acquisition of LedgerX, customers, creditors, and market participants serving as counterparties find themselves navigating the dark and troubling waters of FTX’s bankruptcy and its sale of LedgerX. Preliminary bids in the acquisition of LedgerX are due January 25, 2023 and the sales process will likely conclude later this spring. In order to fulfill its customer protection, market integrity, and market stability mandates, the Commission should have the authority to engage in an appropriate level of due diligence during the acquisition of a CFTC-registered exchange or clearinghouse, including one occurring through a bankruptcy proceeding.
These proposed amendments should offer genuine fixes to gaps in our regulation. Some require only Commission action. Others require more. If implemented in real time, these amendments will:
- Enhance customer protection—expanding prohibitions on the commingling of customer assets and codifying segregation of customer money from proprietary (house) money; let’s don’t let folks gamble with Other People’s Money; 
- Prevent liquidity crises by implementing financial resources requirements that obligate firms servicing retail markets to maintain sufficient working capital to sustain operations or, in the event of a liquidity crisis, to ensure an orderly liquidation or wind down;
- Establish requirements for the adoption of conflicts of interest policies; and
- Establish authority for the Commission to conduct effective due diligence on businesses that seek to buy entities registered with the CFTC.
Before diving in, let me just share that it’s great to be here at Duke University. As a tenured law faculty member with an endowed professorship, I have presented research and collaborated on research projects with faculty at Duke’s law school. I had the privilege of developing great relationships with several of the celebrated and esteemed faculty in the diverse disciplines that comprise the vibrant intellectual community here.
As an alumna of the University of Michigan Law School and tremendous supporter of our athletic programs, I must acknowledge that citing the many laudable attributes of this great institution is admittedly a bit difficult for me. Therefore, I will gratuitously interject a “Go Blue!” or “Hail to the Victors” throughout the remainder of this speech.
A little over a year ago, President Biden indicated his intent to nominate me to serve as a CFTC Commissioner. On March 30, 2022, I was unanimously confirmed by the United States Senate and, shortly thereafter, I was sworn in to serve. In the years before I joined the Commission, I learned a great deal about many of the issues at the center of my remarks for today as a transactional lawyer and inhouse counsel for a large financial institution.
Immediately prior to my appointment as a CFTC Commissioner, I spent nearly a decade and a half researching and examining financial crises and systemic risk concerns and teaching financial markets regulation courses on securities, commodity derivatives, and banking regulation as well as courses on corporate governance, compliance and risk management, and the regulation of intermediaries such as broker-dealers, futures commission merchants, exchanges, and clearinghouses.
Over the last several years, my research centered on issues at the intersection of finance and technology, or fintech, focusing on distributed digital ledger or blockchain technology, the theory and implications of disintermediation (or non-intermediation), and the integration of artificial intelligence in finance and throughout society. In fact, a conference organized by a faculty member here at Duke inspired my very first crypto-exchange research project later published in the University of Chicago Law Review.
My most recent publications advocate for the need for heightened regulatory oversight of cryptocurrency exchanges, collaboration among financial market regulators, and the need to introduce, as quickly as possible, critical, foundational risk management, corporate governance, and compliance measures in crypto-markets, especially fledgling firms introducing novel asset classes and operational infrastructure and soliciting retail investors. In the wake of the recent crises, I would suggest an M&M (morbidity and mortality) assessment or post-mortem in order to offer clear insights into the issues at the center of the series of recent crypto firm collapses.
What, one might ask, may be gained from studying crises? First, crises have the potential to create catastrophic costs for customers, creditors, investors, markets, and the domestic and global economy. Second, the factors that lead to corporate governance and risk management failures are often clearly identifiable, easily predicted, and often preventable. Third, firms that experience significant corporate governance and risk management failures often seek bankruptcy protection, only to later re-emerge from bankruptcy to solicit and expose new customers to devastating losses because the firms continue relying on the same deeply deficient (and possibly non-existent) governance, compliance, and risk management programs. Unfortunately, unless these firms learn from this experience and adopt a culture of compliance that effectively alters behavior and closes gaps in risk management and corporate governance, they will find themselves repeating the same cycle.
For almost a decade, but with increasing frequency in recent months, international media headlines repeatedly (sometimes weekly, and sometimes almost daily) present a new cautionary tale. The cautionary tales are woven together by a set of common threads.
An almost 30-year-old CEO launches an international crypto-exchange. Within a few years, the founder and the exchange achieve crypto-celebrity status. At its peak, the exchange captures significant market share—processing a sizable percentage of global coin or token transactions. The firm, organized in a jurisdiction outside of the United States, lacks many aspects of traditional corporate governance including oversight by a qualified, informed and engaged board of directors and management.
All too often, the corporate governance and, compliance systems—including anti-money laundering and know your customer programs, and conflicts of interest policies that prohibit or limit certain transactions (particularly self-serving loans)—may be weak or may not exist at all.
Like lightning striking, in an instant, the exchange suspends trading, shutters the windows for withdraws, silences traffic on its website, and files for bankruptcy protection—leaving customers infuriated, investors stunned, and creditors scrambling in a footrace to the courthouse.
Interconnectedness among crypto-firms amplified by fragile or non-existent risk management, corporate governance failures, and conflicts of interests at individual firms fuels the likelihood of crises.
In the late spring of 2022, a “run” on the fourth largest stablecoin and tenth largest cryptocurrency, TerraUSD (“UST”), led to a precipitous decline in the value of UST and, in tandem, a sell-off of LUNA, its companion token. A broad market sell-off and cascading losses followed. With the onset of a “crypto winter,” a number of highly-influential and central crypto-firms lunged toward bankruptcy. With significant exposure to the TerraLUNA ecosystem, Three Arrows Capital (“3AC”), a Singapore-based crypto-hedge fund, defaulted on a loan to crypto-lender Voyager Digital. On July 1, 2022, less than one week after the default, 3AC filed for bankruptcy protection. Almost on cue, within a week, Voyager halted trades, deposits, and withdrawals and filed for bankruptcy protection. Eight days later, another crypto-lender, Celsius Network, also filed for bankruptcy.
In early November, FTX and BlockFi joined the list of crypto-firms seeking bankruptcy protection; and the list continues to grow—just last week, the crypto lending units of Genesis filed for bankruptcy.
These stories of the devastating losses experienced by unsuspecting retail customers lured by marketing schemes into transactions that rendered their investments worthless—converting customers into general unsecured creditors in crypto firm bankruptcies—leave us with sobering questions and too few answers.
Thoughtful commentators, however, suggest a number of possibilities. Even if we are unable to achieve a first-best policy solution in a single leap, the Commission can take steps to better protect customers and mitigate the contagion of collapsing crypto-firms that may stem the rising tide of crypto-market crises or at least minimize the scale and scope of crisis-generated spill-over effects. Adopting these critical customer protections and risk controls today lessens the likelihood that we will face fresh crises in crypto markets tomorrow.
A week after FTX filed for bankruptcy, I delivered a keynote address at the annual meeting of the Federal Reserve Bank of Chicago Financial Markets Group. I emphasized the need for proactive adoption of internal governance and risk management measures that introduce important know-your-customer and customer identification program obligations, financial resource requirements, limitations on the use and treatment of customer funds, and conflicts of interest policies designed to address transactions with affiliates. I admonished firms that have failed to implement recovery and resilience programs. Businesses operating in our markets must have a day-one plan for how to address a capital shortfall.
Later that same week, at Stanford Law School’s Crypto-Policy Conference, I explained the need for the Commission to have a seat at the table as the court and creditors consider an appropriate buyer in the sale of non-debtor LedgerX. While there has been a general acknowledgement of the need for any buyer to be “familiar with” the Commodity Exchange Act (“CEA”) and CFTC regulations and a historic acquiescence to Commission inquiries, regulations only provide that the CFTC receive notice of the transfer of equity ownership. Particularly in times of crises, such a low threshold may not be sufficient to ensure that the Commission receives meaningful access and information regarding all material aspects of the transaction in real time.
Today, I would like to expand on some aspects of my earlier presentations of these concerns.
- Identifying Solutions for Crypto-Crises
Too many crypto-market firms are careening toward crises. While Congressional action may be a first-best solution, firms can take immediate action to address some of the challenges that are triggering crises.
The CFTC’s remit is overseeing the commodity derivatives markets and our mission is to promote the integrity, resilience, and vibrancy of the U.S. derivatives markets through sound regulation. This policy mandate includes an obligation to guard against illicit activity and ensure market integrity and market stability to advance the safety and soundness of derivatives markets.
As a recent point of reference for how and why we carry out this mission, many would point to the global financial crisis in 2008 that concluded with Congress directing both the CFTC and the Securities and Exchange Commission (“SEC”) to bring order to the over-the-counter swaps market by introducing centralized clearing.
I’d start a short while after those events.
A little over a decade ago, a precipitous decline in the value of high-yield, European sovereign debt roiled markets. Commentators and pundits marveled. Investors hurriedly assessed exposure, and, where possible, took steps to liquidate holdings. While some succeeded, others did not. Unable to unwind or exit troubled positions, many investors and market intermediaries faced liquidity crises.
MF Global, a prominent futures commission merchant (“FCM”) and broker-dealer, is among the most infamous firms that unraveled during this crisis. Jon Corzine, Goldman Sachs alum and former Governor and Senator of New Jersey, adopted a strategy to enhance the firm’s perceived profitability. MF Global structured a portfolio of “repurchase to maturity” bonds, bonds that paid large coupon rates, enabling MF Global to record profits up-front. Later the bonds were posted as “collateral for short-term borrowing” and delayed any risk to the firm’s balance sheet until maturity. Simply stated, MF Global claimed as revenue the difference between the coupon rate of the sovereign bonds and the interest rate it paid on the loans.
Taking advantage of the illusion of this shell-game styled approach, MF Global’s balance sheet vastly exaggerated the firm’s revenues and profits and under-reported the firm’s European sovereign debt exposure—reporting its exposure as $6.3 billion when, in fact, its actual exposure was likely double this figure—something like $11.5 billion.
Many of you are all too familiar with the events that followed. A steep decline in sovereign debt markets triggered demands for increased margin, and balance sheets and bank statements demonstrated insufficient liquidity to maintain positions. In an attempt to stave off a run, creditors’ demands, efforts to unwind repo counterparty positions, and attempts to liquidate proprietary positions at fire sale prices, MF Global made the unacceptable and catastrophic decision to misappropriate customer funds.
Shortly, thereafter, MF Global’s parent company filed for bankruptcy revealing MF Global’s misappropriation of $1.6 billion in customer funds. MF Global was registered with the CFTC as an FCM and with the SEC as a broker-dealer.
The CFTC’s response was swift and unequivocal. As I mentioned earlier, and will note in my closing comments, segregation of customer funds is fundamental to our markets. The CEA expressly prohibits firms like MF Global from (i) commingling customer and proprietary funds (i.e., house funds) and (ii) using customer funds to support proprietary transactions.
Customer protection is a foundational and core principle of our market regulatory framework. Several specific provisions of the CEA direct the CFTC to adopt regulation to this effect. I’ll outline some of the specific regulations adopted to ensure customer protection in traditional financial markets, several of which comprise part of the Commission’s response to the regulatory gaps demonstrated by the decisions at MF Global.
Customer funds consist of margin collateral posted by customers of FCMs to cover exposure under their futures contracts. Section 4d(a)(2) of the CEA requires each FCM to segregate from its own assets all money, securities, and other property deposited by futures customers to margin, secure, or guarantee futures contracts and options on futures contracts traded on designated contract markets.
In addition, Section 4d(a)(2) of the CEA requires an FCM to treat and deal with futures customer funds as belonging to the futures customer, and prohibits an FCM from using the funds deposited by a futures customer to margin or extend credit to any person other than the futures customer that deposited the funds. After the collapse of MF Global and Peregrine Financial Group, the Commission thoughtfully and meticulously supplemented the protections embedded in Commission regulations 1.20 through 1.30, and 1.32 to enhance customer protections and transparency at the FCM level.
Two hard truths from the MF Global implosion parallel the characteristics of crises in crypto-markets. First, governance and risk management failures can and often do lead to crises, including liquidity crises. Second, apart from undermining the reputational integrity of the industry and fueling calls for harsh regulatory and legislative action, these failures all too often impose tremendous costs that fall disproportionately on customers.
For anyone who doubts this observation, consider the recent failure of FTX.
As we begin to better understand the events that led to the FTX bankruptcy, a few facts are fairly clear. Customers, investors, and creditors face staggering losses. We continue to see knock-on effects across the industry and we are months, if not years, from fully unraveling the Gordian knot of conflicts of interest, an absolute failure of corporate governance, absence of effective internal controls, and transactions with affiliated entities.
- Applying the Lessons Learned: Accessible Solutions
Now, let’s identify a path forward that mitigates the number and scale of crises. There are many entrepreneurs and emerging firms in the crypto ecosystem and the financial services sector more broadly seeking to develop businesses that make valuable contributions to the economy and markets. For those firms, I believe there are critical lessons from the crises we have explored today that merit consideration.
When FTX filed for bankruptcy protection from creditors, regulators received a deluge of criticism. Too few of those critics recognized that FTX’s parent company was organized outside of the United States and FTX representations indicated that US customers were not trading on its platform. As a result, the CFTC and other regulators generally had limited visibility into the operations of the firm.
FTX did, however, in late 2021 acquire an ownership interest in one registered market participant—LedgerX. LedgerX is in fact not a debtor in FTX’s bankruptcy proceeding. What might explain the disparate outcomes for customers, creditors, and investors in LedgerX and FTX?
I’ll quickly observe here that as of the day of FTX’s bankruptcy filing, the CFTC had boots on the ground at LedgerX, an entity that had been subject to periodic examinations and review, had adopted risk management, governance, and cyber systems safeguards required by our regulations for any registered exchange or clearinghouse. And, perhaps most importantly, the Commission staff has engaged in daily communication with LedgerX and related third-party service providers, banks and other payment platforms, to ensure that all of LedgerX’s customer funds are accounted for. Finally, LedgerX has been subject to financial resource requirements that obligate the firm to hold in reserve working capital to ensure the integrity of the firm as a going-concern and sufficient resources for an orderly wind-down if such a process becomes necessary. Many of these protections, however, emanate from LedgerX’s amended order of registration as a DCO and Commission practice and general core principles instead of codified regulatory requirements.
Let me say a few final words and close.
First, we can observe several lessons from the recent crises in crypto-markets. Some of the lessons should prompt market participants, investors, and creditors to take immediate action to order their own internal affairs. We have long explored the contours of corporate governance in TradFi markets and there are benefits to leveraging the governance, disclosure, and risk management lessons learned from crises in other markets—OTC and exchange traded derivatives (Lehman, Bear Sterns, and MF Global) or capital markets (Enron, WorldCom, and Tyco).
I am urging Congress to consider adding provisions to any proposed legislation that alters other aspects of the CFTC’s jurisdictional authority to ensure that parallel protections will exist for customers in intermediated and non-intermediated markets and customer funds held at FCMs and DCOs. I am encouraging my fellow Commissioners to consider supplementing current regulation to begin to implement the same protections. Drawing from the example of disintermediated clearing, I am advocating for regulation that formalizes the obligation to segregate customer property, ensures that appropriate risk-based financial resource requirements apply to any firm operating in our markets, and introduces tailored and effective governance, and risk management controls.
Through my role as sponsor Commission’s Market Risk Advisory Committee, I am standing up a Future of Finance Subcommittee that I hope will engage in a collaborative dialogue with market participants, consumer advocates, fellow regulators at other agencies such as our sister regulator the SEC, and regulators from international jurisdictions. Our markets are global and my goal in service is to preserve the stability and integrity of our global markets and create effective customer protections that reduce the risk of crises.
Finally, I have consistently urged Congress to adopt well-tailored legislation that closes the current gap in the oversight of crypto spot markets. In light of the rapid movement in other jurisdictions to adopt crypto regulation, I have been engaged in conversations with regulators around the world. The contours of this legislation are still under construction.
Thank you so much for allowing me to join you for the conference this week. I look forward to a rich and thoughtful discussion of these and other topics.
 LedgerX is registered as a derivatives clearing organization (DCO), designated contract market (DCM), and swap execution facility (SEF). As a DCO, Commission regulation 39.19(c)(4)(ix) requires LedgerX to report a change in the ownership or corporate or organizational structure of the DCO or its parent(s) that would (1) result in a greater than ten percent change of ownership of the DCO, (2) create a new subsidiary or eliminate a current subsidiary of the DCO, or (3) result in the transfer of all or substantially all of the assets of the DCO to another legal entity. See 17 CFR 39.19(c)(4)(ix). Similarly, as a SEF and DCM, within 10 days of entering into a firm commitment to transfer equity interest, Commission regulations 38.5(c) and 37.5(c) require notice. See 17 CFR § 38.5(c)(1)-(2) and 17 CFR § 37.5(c)(1)-(2).
 Last week, the Bankruptcy court approved the bid procedures for LedgerX. See Order (A) Approving Bid Procedures, Stalking Horse Procedures and the Form and Manner of Notices for the Sale of Certain Businesses, (B) Approving Assumption and Assignment Procedures and (C) Scheduling Auction(s) and Sale Hearing(s), In re FTX Trading Ltd., No. 22-11068 (JTD) (Bankr. D. Del. Jan 12, 2023), ECF No. 487.
 See e.g. Louis Brandeis, Other People’s Money and How The Bankers Use It (Pantianos Classics 2021) (1914).
 There are a number of recent examples of such transfers in digital asset markets. Consider, for example, several recent acquisitions. In 2021, West Realm Shires, Inc., an affiliate of FTX.US acquired LedgerX. In 2022, Coinbase acquired bitcoin futures exchange FairX (operating as LMX); CBOE acquired ErisX; and Foris (Crypto.com) acquired Small Exchange and NADEX.
 Kristin N. Johnson, Regulating Cryptocurrency Secondary Market Trading Platforms, 1/8/2020 U. Chi. L. Rev. Online 1 (2020).
 Kristin Johnson, Decentralized Finance: Regulating Cryptocurrency Exchanges, 62 William and Mary L. Rev. 1911 (2021).
 Paul Kiernan, Yellen Renews Call for Stablecoin Regulation After TerraUSD Stumble, Wall St. J., May 10, 2022, https://www.wsj.com/articles/yellen-renews-call-for-stablecoin-regulation-after-terrausd-stumble-11652208165.
 Chapter 15 Petition, In re Three Arrows Capital, Ltd., No. 1:22-BK-10920 (Bankr. S.D.N.Y. July 1, 2022).
 Chapter 11 Petition, In re Voyager Digital Holdings Inc., No. 1:22-BK-10943 (Bankr. S.D.N.Y. July 5, 2022).
 Chapter 11 Petition, In re Celsius Network LLC., No. 1:22-BK-10964 (Bankr. S.D.N.Y. July 13, 2022).
 Chapter 15 Petition, In re FTX Digital Markets Ltd., No. 1:22-BK-11516 (Bankr. S.D.N.Y. Nov. 15, 2022).
 Chapter 11 Petition, In re BlockFi Inc., No. 3:22-BK-19361 (Bankr. D.N.J. Nov. 28, 2023).
 Chapter 11 Petition, In re Genesis Global Holdco LLC, No. 1:23-BK-10063 (Bankr. S.D.N.Y. Jan. 19, 2023).
 See Digital Commodities Consumer Protection Act, S. 4760, 117th Cong. (2022); see also Lummis-Gillibrand Responsible Financial Innovation Act, S. 4356, 117th Cong. (2022).
 Under Part 38 of the Commission’s regulations, the Commission may require a DCM to submit information related to its business as a DCM and may also require it to submit a written demonstration, with support, that it is in compliance with one or more core principles or to show that it satisfies its obligations under the CEA. In the event that a DCM enters into an obligation to transfer an equity interest of ten percent or more in itself, it must notify the Commission. 17 CFR § 38.5. Similar requirements apply to SEFs and SDRs. See 17 CFR §§ 37.5, 49.5.
7 U.S.C. § 6d(a)(2).
 See 17 CFR. §§ 1.20, 1.30, 1.32. Similar customer protections were adopted for cleared swaps customers under Section 4d(f) of the CEA and implemented in Part 22 of the Commission’s regulations. See 7 U.S.C. § 6d(f); See also 17 CFR §§ 22.1-22.17.
 See supra note 1.