Authors: Miles Jennings, Brian Quintenz, a16z; Compiler: Song Xue, Golden Finance
Recent major enforcement actions and court rulings have shown how different U.S. government actors view web3 regulation. While these actions may be a harbinger of how web3 will be regulated in the absence of new legislation, they can also tell us how new legislation can be enacted to properly regulate web3 to meet policy objectives and provide a path for the industry to thrive in the United States.
Therefore, we thought it would be beneficial to examine, contextualize, and evaluate these actions against our Normative Web3 Applications, Not Protocol Framework (RANP). In particular, we will examine whether these actions are appropriately directed at commercial activities and not against software and its developers, which is a key principle of the RAMP. **We will evaluate them based on their degree of compliance with the RAMP and their application to existing laws. Overall, they generally align with RAMP’s focus on business rather than software, but differ in the application of existing laws. This makes us more optimistic about the current regulatory environment in the US than the industry consensus expects. **
Rating Methodology
As described in Part IV of the RAMP, the approach we use to assess how existing regulations or new legislation should apply to web3 projects begins by examining the nature of the project’s underlying software protocol and whether it may involve regulated activities. If the agreement involves regulated activities, we analyze the appropriate level of regulatory intervention or oversight (or liability) for the particular application referencing the agreement.
As we discussed in Part II of the RANp, even if web3 protocols facilitate regulated activities in a centralized environment, the regulatory priorities of a government or institution should always balance the trade-offs of additional regulation. In general, governments should not infringe on the freedom of individuals to release open source software. Instead, governments should limit their regulatory focus to business-related activities carried out within their jurisdictions, including the use of new technologies to facilitate illegal activities or evade existing regulation. **
Step 1: Protocol Evaluation
We evaluate the nature of a protocol by determining whether it is: (1) open source, (2) decentralized, (3) autonomous, (4) standardized, (5) censored, and (6) permissionless. Regulations that recognize the importance of these characteristics and incentivize protocols to adopt them should result in protocols that promote an open, free, and trustworthy-neutral Internet. In fact, this is how the current base layer of the Internet is designed and how governments view responsibility for the use of the Internet. When protocols exhibit these characteristics, they limit their potential use for regulatory arbitrage, for example, where centralized enterprises seek to evade regulation by using smart contracts deployed on blockchains they control.
In our case studies, we evaluate each protocol against these criteria based on the allegations made by the relevant regulatory authorities (irrespective of whether they are true and accurate), general industry knowledge, and the findings of the presiding judge.
Step 2: Apply for an assessment
The second step of our analysis entails assessing the appropriate level of risk and governance for the application or business using the protocol based on the characteristics of the application or business. We follow the guidelines established for centralized and decentralized exchanges in Part IV of the RAMP. The application of regulations or assignment of liability in our example only applies to situations that are relevant to and address the risks posed by the application or business characteristics.
! [AXNyJkUghf45bHtQv6u4Yb6887wb6LGyYdQy9jGD.jpeg] (https://img-cdn.gateio.im/webp-social/moments-40baef27dd-5a804f09a1-dd1a6f-cd5cc0.webp “7130285”) Same user activity, different user risks, different rules
Among actions involving existing regulations, we assess whether it makes sense to extend such regulations to web3 in the context of RANs, or whether better tailored regulations are needed given given the unique characteristics of blockchain technology. In other words, is the concept of “same user activity, same user risk, same rules” appropriate? Or does the underlying technology mean that similar user activities pose different risks, and specialized rules need to be developed to address those differences? **
Score Summary: A summary of our analysis
The regulatory framework for Web3 activity in the U.S. is yet to be developed, but the actions we analyzed show its potential maturity and present a scenario that is not as dire as many industry commentators claim. Critically, none of the actions we analyzed provided conclusive evidence that regulators or courts were “targeting developers” simply for developing, publishing, or deploying code. On the contrary, there is strong evidence that regulators and courts are often targeting businesses that engage in activities (which include the use of code) that violate regulations, which is consistent with RAMP. This distinction is crucial: targeting developers simply because of releasing code undermines the potential of Web3 and undermines the industry’s future in the United States. And for business activities that prompt violations of existing laws (or the intent of existing laws), a path is created to rationally regulate Web3 and still allow the underlying technology to flourish. **
The SEC’s action against Coinbase and the judge’s analysis of the Uniswap incident make it abundantly clear that the focus is on businesses rather than protocols. ** While the vague and problematic language in the Commodity Futures Trading Commission’s (CFTC) actions has made it more difficult to reach the same conclusion, an overall analysis of the CFTC’s actions and settlements in the web3 space to date suggests that they have not targeted developers or protocols, although there are plenty of opportunities to do so. However, while both the CFTC and the SEC have actions that target businesses, they both have lower ratings due to their approach to enforcement and regulation and their failure to foster innovation.
Otherwise, the actions of the SEC and CFTC are easily distinguishable. The SEC’s actions against the Coinbase wallet are unpredictable rule extensions that would backfire – regulatory guidance and tailored rulemaking will play a greater role in protecting investors and fostering financial innovation. In addition, because there are no clear regulations governing challenged conduct or providing a path to compliance, the action expands the scope of existing regulations to the point of challenging concepts of fundamental fairness and due process.
However, the U.S. Commodity Futures Trading Commission (CFTC) has demonstrated a more principled approach. The regulations used by the CFTC are clearly applicable to the business activity being challenged, and their application is predictable. Based on our assessment, these actions do not violate the concepts of fairness and due process. But we strongly agree with Commissioner Metzinger who argues that a better solution would be to include these businesses in a sandbox or a new regulatory structure to promote innovation. The CFTC’s mission to promote responsible innovation is being undermined by a lack of action to embrace novel derivative structures that can provide consumers with concrete benefits over existing systems.
Our Law Enforcement Action Report Card
Based on our analysis of relevant enforcement actions against Coinbase (wallet), Uniswap, ZeroEx, OPYN, and Deridex, we assigned them the following tiers, followed by a brief analysis of the results of each action. You can also read the full case study here.
! [FAVv3UXOupGpspi78kdjuecbKJVuNn0WUH1vTMAo.jpeg] (https://img-cdn.gateio.im/webp-social/moments-40baef27dd-9145d11dcb-dd1a6f-cd5cc0.webp “7130324”)
Case: SEC v. Coinbase (Wallet)
Rating: F
Status: TBD
The U.S. Securities and Exchange Commission filed charges against Coinbase, alleging that the company operated as an unregistered broker under the Securities Exchange Act of 1934, allowing Coinbase wallet users to trade digital assets through software protocols deployed to the blockchain. The complaint is generally consistent with RAMP, as its focus is appropriately placed on Coinbase’s wallet-related business activities, rather than the development of the wallet’s underlying code or the decentralized and autonomous protocol it uses to conduct transactions.
However, while RANP believes that applications such as wallet transaction functions can be regulated, existing U.S. regulations do not explicitly prohibit such activities. While the SEC’s guidance in this area generally emphasizes that whether or not an activity constitutes acting as a broker generally requires a factual and circumstantial test, the examples in the guidance do not cover the functionality of wallets. In this context, the RANP strongly opposes attempts to address the “regulatory gap” by unpredictably expanding existing regulations, especially when the targeted activities and risks are materially different from those that the existing regulations and guidelines are designed to address. Unfortunately, this is exactly what the SEC has accused Coinbase of providing brokerage services through its wallet.
As a result, the SEC’s complaint is another example of regulatory action that backfires, when regulatory guidance and tailored rulemaking could have better protected investors and fostered financial innovation.
Case: Risley v. Uniswap
Rating: A
Status: The judge’s final order and opinion approving the motion to dismiss
Judge Failla dismissed a class-action lawsuit filed against Uniswap Labs and other defendants that sought to hold those defendants liable for the operation of the Uniswap decentralized exchange protocol and the protocol’s Uniswap.org website interface. Judge Faiira’s decision to refuse to give assistance to the plaintiffs is generally consistent with the RAMP. In particular, her legal reasoning provides strong support for the exclusion of smart contract agreements and their developers from regulation and liability, while also justifying increasing the obligations of web3 applications as the risks they pose to users increase.
Case: CFTC v. ZeroEx
Rating: C
Status: CFTC fees are finalized
The CFTC took action against ZeroEx, Inc. for violating the Commodity Exchange Act (CEA) by facilitating the trading of certain leveraged digital assets through the 0x smart contract protocol and Matcha.xyz website interface. While the CFTC’s use of ambiguous language and reliance on enforcement regulation has created unnecessary confusion about its overall regulatory approach to web3, the CFTC’s actions have generally been consistent with the RANp. The action provides strong evidence that the CFTC’s primary focus remains on enterprise operations applications, rather than autonomous software protocols. This conclusion is also supported by the CFTC’s frequent references to the Matcha interface and the settlement with ZeroEx, which allows U.S. persons to continue to access the Matcha interface after the infringing assets are removed from the interface. At the same time, the infringing assets can still be accessed outside the United States.
But it is true that the CFTC’s approach has failed to foster innovation in the way required by the RANp. Non-profit applications like the Matcha interface should be given flexibility in accordance with applicable regulations to foster innovation, especially where leveraged assets can be safely offered and represent only a fraction of the available assets, as is the case with the Matcha interface.
Nonetheless, the CFTC’s application of CEA to the Matcha interface essentially tracks the regulatory focus of the RANP. This is a rational application of existing laws that make them entirely predictable and avoidable, and reduce potential regulatory arbitrage.
Case: CFTC v. Opyn
Rating: B
Summary: Final settlement of CFTC fees
The CFTC took action against Opyn, Inc. for violating the CEA through a smart contract protocol and opyn.co website interface to facilitate the creation, purchase, sale, and trading of blockchain-based derivatives. As with the actions against ZeroEx, the U.S. Commodity Futures Trading Commission (CFTC) uses ambiguous language and pursues enforcement regulation. Even so, this action generally follows the RANP and provides a stronger signal that the CFTC is focused on regulating businesses, not software: the CFTC appears to be satisfied with Opyn’s application of a stronger U.S. intellectual property blockade following a settlement with the company. At the same time, its products can still be used outside the United States.
Still, the action represents a puzzling failure of the CFTC to support innovation. Opyn’s product is truly innovative and is a perfect example of how programmable blockchains can eliminate many of the risks historically associated with derivatives and perpetual futures.
Still, the CFTC’s actions follow the regulatory focus of the RANp. Opyn operates an interface that promotes illegal activity in the United States, it has failed to effectively prevent Americans from using the interface, and it and its investors promote its products on forums that Americans can access. In addition, the CFTC’s actions are a reasonable application of the current law and are completely predictable.
Case: CFTC v. Deridex
Rating: B+
Summary: Final settlement of CFTC fees
The CFTC took action against Deridex, Inc. for violating CEA rules by operating a digital asset trading platform for leveraged digital assets and derivatives through smart contract protocols and app.deridex.org website interfaces. While the matter has similar issues with ZeroEx and Opyn’s actions in terms of language ambiguity and enforcement oversight, the CFTC’s actions are generally consistent with the RANP and essentially track its regulatory focus. The interface operated by Deridex promotes illegal activities in the United States, and it allegedly blatantly defies U.S. law and fails to make any attempt to stop Americans. Therefore, the CFTC’s actions are a reasonable application of the current law and are completely predictable.
The regulatory environment for web3 is full of opportunities. Across government, participants seem to rightly focus on the activities of enterprises, not developers. This is consistent with the central premise of RAMP.
In addition to this, RANP believes that it is crucial to create new regulations or apply existing regulations to web3 that take into account the different benefits and risks of blockchain technology. The same user activity leads to different risks and therefore requires different rules to produce the same regulatory results. **
The CFTC appears to be the most promising institution to take advantage of this for the next step. Their actions can be seen as more in line with their statutory mandates and regulations, but this is not to justify the agency’s apparent inaction in creating a policy framework around decentralized derivatives products. Promoting responsible innovation is a provision enshrined in the CFTC’s mandate, but it has clearly fallen short of what was expected in this regard. The body has the power to review novel approaches to the derivatives market and exempt existing rules to ensure that innovations are safely adopted. Harnessing this power is key to providing consumers with the option to use new technologies in order to reap the clear benefits, while at the same time protecting against different risks.
