In a new development, the Commodity Futures Trading Commission (CFTC or Commission) has charged that “voting members” of the Ooki DAO are liable for its violations of the Commodity Exchange Act (CEA) and CFTC regulations by facilitating margined and leveraged retail commodity transactions.[1] This is notable because it is the first instance of a federal agency asserting that members of a Decentralized Autonomous Organization (DAO) are liable for the actions of the DAO simply because they were voting members. The CFTC’s action has alarmed many in the crypto community, who believed that the decentralized nature of DAOs would effectively make them immune to U.S. regulations. The action has also drawn dissent within the ranks of the CFTC from Commissioner Summer Mersinger, who took issue with the CFTC imputing liability on the DAO members simply because they were voting members, calling it “an unsupported legal theory amounting to regulation by enforcement.”[2]

Background of Ooki DAO

Ooki DAO is the successor entity of bZeroX LLC (bZeroX) — a blockchain-based exchange founded by Tom Bean and Kyle Kistner in 2019 to allow users to take leveraged and margin positions on different cryptos. To this end, they developed the bZx Protocol, which lets its users contribute collateral to open these leveraged positions on crypto. The position’s value was then calculated by the relative change in price between two selected digital assets over time. The bZx Protocol used a decentralized environment that did not require third-party intermediaries to take custody of the assets. The CFTC alleges that during this time, bZeroX did not maintain a customer identification program (CIP) and explicitly advertised the lack of know-your-customer (KYC) or Anti-Money Laundering (AML) compliance as a positive feature of the bZx Protocol.

The CFTC alleges that in August 2021, bZeroX transferred control of the bZx Protocol to the bZx DAO. Soon after, in December 2021, the entity renamed itself Ooki DAO but continued to offer the same services previously provided by bZeroX.

The CFTC alleges that this change from an LLC to a DAO was enacted deliberately to avoid U.S. regulation. Specifically, the complaint cites communication from the founders to members of the community, in which they describe how they were moving the bZx Protocol to a DAO to make it “future-proof” because if regulators later come to them, they could say that there was nothing they could do because they had “given it all to the community.”[3]

The Actions Against bZeroX and Ooki DAO

The CFTC took two separate actions related to bZeroX and Ooki DAO.[4]

First was an order related to the operations of bZeroX from June 2019 until August 2021, before the bZx Protocol was transferred to a DAO.[5] In that case, the CFTC settled with the founders of bZeroX, Bean and Kistner, for $250,000. The CFTC alleged that during this period, they “unlawfully engaged in activities that could only lawfully be performed by a registered designated contract market (‘DCM’) and other activities that could only lawfully be performed by a registered futures commission merchant (‘FCM’).”[6] The CFTC further alleged that they “did not conduct know-your-customer (‘KYC’) diligence on their customers as part of a customer identification program (‘CIP’), as required of FCMs.”[7]

The second action was a complaint against the Ooki DAO for similar alleged infractions. The CFTC seems to have taken particular umbrage at the founders’ claim that the DAO could not be regulated if it held the bZx Protocol. The CFTC made it a point to dispute this, stating that “[t]he bZx Founders were wrong [that they could avoid regulation]. … DAOs are not immune from enforcement and may not violate the law with impunity.”[8]

Notably, as part of this complaint, the CFTC alleged that Ooki DAO (including under its previous name of bZx DAO) was an “unincorporated association” comprised of token holders “who voted those tokens to govern.”[9] This is important because an unincorporated association is viewed in some states as simply an organization of individuals united for a common purpose, rather than a legal entity separate and distinct from the persons who own or otherwise compose the entity. Accordingly, the members of an unincorporated association do not have the protection from liabilities of the association that owners may have from liabilities of a separately incorporated or organized legal entity such as a corporation or limited liability company. That is, the members of an unincorporated association can, in some circumstances, be held liable for the association’s actions.

In reaching this conclusion, the CFTC equated the DAO to an LLC, stating that “[j]ust as bZeroX (like any LLC) governed the bZx Protocol through the votes of its members (i.e., the bZx Founders), the bZx DAO governed the bZx Protocol through the votes of [] Token holders.”[10] Notably, in the relief requested by the CFTC for these alleged violations, it specifically calls out “members” of the Ooki DAO. First, it asked for “[a]n order finding that Defendant Ooki DAO, by and through its members, officers, employees, and agents, violated Section 4(a) of the Act, 7 U.S.C. § 6(a); Section 4d of the Act, 7 U.S.C. § 6d; and Regulation 42.2, 17 C.F.R. § 42.2 (2021)” (underlining added).[11] Next, the CFTC asks for “[a]n order of permanent injunction prohibiting Defendant Ooki DAO, including all members of the Ooki DAO (i.e., the Ooki Token holders who voted their Ooki Tokens to govern the Ooki DAO by, for example, directing the operation of the Ooki Protocol), and any other person or entity associated with it, from engaging in conduct described above, in violation of 7 U.S.C. §§ 6(a), 6d, and 17 C.F.R. § 42.2” (underlining added).[12] As such, it appears that the CFTC intends to hold members of the Ooki DAO personally liable for its actions.

In a sharp dissent, Commissioner Mersinger criticized the CFTC and the complaint.[14] Specifically, Mersinger stated that:

Unfortunately, I cannot support the Commission’s approach to this particular matter. While I do not condone individuals or entities blatantly violating the CEA or our rules, we cannot arbitrarily decide who is accountable for those violations based on an unsupported legal theory amounting to regulation by enforcement while federal and state policy is developing. For these reasons, I am respectfully dissenting in this matter.

Mersinger laid out the basis for her dissent in four points. First, she criticized the Commission’s legal authority as lacking. She noted that its “approach imposes governmental sanctions for violations of the CEA and CFTC rules based on an inapplicable State-law legal theory developed for contract and tort disputes.” Next, she thought that the Commission “arbitrarily defines the Ooki DAO unincorporated association in a manner that unfairly picks winners and losers, and undermines the public interest by disincentivizing good governance in this new crypto environment.” She also thought that the action was “blatant ‘regulation by enforcement’ by setting policy based on new definitions and standards never before articulated by the Commission or its staff, nor put out for public comment.” Finally, she did not think that the CFTC needed to take this unprecedented step because “the Commission ignores an alternative, well-established basis for imposing liability for the Ooki DAO’s violations of the CEA and CFTC rules in this case—i.e., aiding and abetting liability—that is specifically authorized by Congress and that would solve all of these problems.”

Takeaways and Many Remaining Questions

It is not surprising that a U.S. regulatory agency has acted against the members of a DAO. Generally, the United States has been expanding its reach and enforcement related to crypto across the board. However, it surprised many that the first to act against the members of a DAO was the CFTC, as opposed to the Securities and Exchange Commission (SEC). The SEC has long been considered the more aggressive crypto regulator, while the CFTC was generally considered to have a lighter touch in regulating crypto-based technologies. Here, however, it could simply be that the CFTC found the facts of this case particularly egregious, with the founders openly admitting that they were creating a DAO to avoid U.S. regulation. If so, this may be a one-off action from the CFTC that is unlikely to set a precedent for how the CFTC will approach future actions. However, the more cynical are likely to note that this action let the genie out of the bottle, and precedent shows that regulators are unlikely to relinquish any of the tools at their disposal.

We also noted previously that most DAOs are not wrapped in any legal entity, which leaves their members open to potential legal liability.[15] Here, we see how the Ooki DAO was labeled an “unincorporated association” and the legal liability imputed on its “voting” members. While there are still many questions about how the legal system will handle DAOs, this shows that they are unlikely to avoid regulation simply because they claim to be “decentralized.”

Even in this action, several specific legal questions are unanswered. For example, it is unclear whom the CFTC alleges is a “voting” member. Are snapshot votes (e.g., non-binding votes used as a preliminary measure of support for an action) enough for liability? If you engage in one vote, are you forever liable for the actions of the DAO? Or do you need to vote on a resolution related to the activities that gave rise to the liability? These questions are not yet addressed in the Ooki DAO case, and in many DAOs, membership changes over time.

It is also unclear what aspects will make a DAO into an unincorporated association. Will all DAOs be considered unincorporated associations by default, or will some be considered general partnerships? Will the CFTC be able to reach voting members that do not reside in the U.S.? If not, will the CFTC hold U.S. members to account for the entire legal liability of the DAO?

These are just a few of the many questions people are asking about how federal agencies in the future will handle DAOs.