For those longing for the heady days of the cryptocurrency free-for-all, this November is proving to be the start of the winter of your discontent. The US Commodity Futures Trading Commission (CFTC) and the US Securities and Exchange Commission (SEC) continue to take significant steps to regulate cryptoasset markets. On the one hand, the CFTC came out with A Primer on Smart Contracts to raise awareness on what they consider to be important legal, regulatory and cybersecurity risks. On the other hand, a US district court in California’s ruling against the SEC may result in more definitive rulings and guidance on when cryptocurrencies and cryptocurrency exchanges are subject to federal securities laws.
CFTC Releases Primer on Smart Contracts
On November 27, 2018, the CFTC released a presentation primer on the use of “smart contracts” that provides important insight on the potential benefits and significant risks that use of smart contracts presents. A “smart contract” is not necessarily “smart” and it may not be a legally binding contract. And using smart contracts in the context of a regulated market could result in the smart contract itself being a financial product subject to regulation. Depending on the given facts and circumstances, the Primer notes, a smart contract may be a commodity, forward contract, futures contract, option on futures contract, or swap. In addition, the Primer highlights the inherent cybersecurity vulnerabilities within smart contracts, which requires good governance and consultation with counsel qualified to give advice in this technical and novel area.
Produced by LabCFTC, a division of the CFTC focused on engaging with innovators and market participants on fintech issues, the Primer explores the history, characteristics, and potential applications of smart contracts, while also signaling how the CFTC is engaging with this and other emerging technologies that do not fit neatly within current legal and regulatory frameworks.
At a high level, smart contracts are intended to be legal agreements that embody some self-executing computer code, allowing for the automated performance of contractual obligations upon the occurrence of an action or event. For something to be considered a “smart contract,” it generally must be able to:
- Authenticate counterparty identities and ownership of assets and claims of right;
- Leverage outside data sources (called “oracles”) to trigger actions; and
- Automate execution of counterparty obligations in accordance with pre-defined criteria.
Interest in the creation and use of smart contracts has risen significantly in conjunction with the rise of blockchain technology. Indeed, one of the most commonly cited potential benefits of utilizing blockchain technology is the ability to support the use of smart contracts.
The futures and derivatives marketplace is often cited as an example of where existing market structures could be automated and improved through the use of smart contracts, since futures and derivatives products are generally highly defined legal and economic relationships that may be readily digitized and coded.
The Primer notes that the smart contract could be subject to a wide range of legal frameworks, including federal and state commodities and securities laws, tax laws, UCC and ESIGN acts, money transmission laws, and anti-money laundering laws. The CFTC emphasized that laws and regulations apply equally to smart contracts, whether written in computer code or in plain text.
The CFTC warned that smart contracts operating as derivatives contracts must not be used to perpetrate fraud or manipulation, to violate disruptive trading practice regulations, or to be traded by persons or facilities that are not appropriately registered. The Primer also highlights a number of potential risks—operational, technical, cybersecurity, and fraud—and challenges to the use of smart contracts. For example, smart contracts may not function as intended, may be subject to intentional manipulation or fraud by insiders, and may offer limited or no recourse. Counteracting these risks may require new approaches that are not reliant on humans involved in performing the contract. Smart contracts may include nefarious code, may be dependent on third-party systems or data in order to operate normally, may have insufficient backup, and may be incapacitated if such data or systems are unavailable, including curing a cyberattack. Third-party data sources that inform how a smart contract behaves (oracles) could also be manipulated as part of a cyberattack, causing the smart contract to behave in unexpected, possibly fraudulent ways.
For example, say a series of smart contracts implement interest rate swaps that cause a swap dealer to pay out to a number of swap participants whenever interest rates surpass certain predefined levels. The smart contract pays out when data automatically pulled from Bloomberg reports that interest rates have surpassed the pre-defined levels. The various swaps are triggered at a range of levels that make it highly unlikely that the swap dealer would be required to pay out on all of the swaps simultaneously. A malicious actor seeking to harm the swap dealer could cause the smart contracts to all pay out simultaneously and drain capital from the swap dealer by manipulating the data pulled from Bloomberg. Because humans are removed from the process, without other protections in place, the operation of the smart contract could create new risks and vulnerabilities that are not contemplated by the terms of the contract.
To combat these risks, the CFTC urges the use of good governance practices around the use of smart contracts, including governance that clearly defines responsibility for the creation and operation of smart contracts, apportions liability and risk stemming from the use of smart contracts, and establishes mechanisms for dispute resolution.
Finally, the CFTC also emphasized the importance of consulting “competent counsel” when considering whether a smart contract may be a product subject to CFTC jurisdiction. The reference to “competent counsel” suggests that the CFTC is concerned about the quality of advice being relied on for many emerging products and offerings in the fintech space. Consulting counsel with significant regulatory experience and expertise, in addition to technical acumen, should be viewed as an essential part of exploring any use of smart contracts or other emerging fintech products.
Court Denies SEC Early Victory by Declining to Find Tokens Sold to Investors Were Securities
Also on November 27, 2018, a federal district judge in California denied the SEC’s motion for a preliminary injunction against a cryptoasset company for allegedly offering and selling unregistered securities. In denying the SEC’s motion, the court found that the SEC had not (yet) demonstrated that the tokens that Blockvest LLC (Blockvest) had sold to certain “test investors” leading up to an expected $100 million initial coin offering (ICO) in December 2018 were subject to federal securities laws.
Under the relevant standard, the SEC’s preliminary injunction—seeking an asset freeze of Blockvest and to enjoin Blockvest’s founder from buying or selling securities and cryptoassets—could be granted only if: (1) a previous federal securities law violation had occurred; and (2) there was a reasonable likelihood that the wrong would be repeated.
Regarding the first prong, Blockvest had already sold more than $2.5 million in unregistered tokens to the test investors allegedly based in part on misrepresentations that its anticipated ICO had been authorized by the SEC, the CFTC, and the National Futures Association in violation of federal securities laws. Blockvest argued that the tokens were not securities under the SEC’s Howey test because they were designed for testing purposes only and the investors did not have an expectation of profits. Because of these disputed issues of fact, the court could not determine without full discovery whether the tokens were securities. Thus, the SEC could not demonstrate that a previous violation of federal securities law had occurred.
With respect to the second prong, since the SEC’s preliminary injunction was premised in part on blocking Blockvest’s ICO, Blockvest assured the court that its ICO would not proceed without providing advance notice to the SEC. Given that the ICO was no longer planned to go forward, the likelihood of the wrong being repeated was diminished. For these reasons, the court denied its motion for preliminary injunction. To date, the SEC has not filed a new complaint against Blockvest, suggesting that it does not intend to pursue the case further with the ICO now tabled indefinitely.
Coincidentally, on November 28, 2018, SEC Chairman Jay Clayton spoke at a cryptoasset conference, Consensus: Invest, where he described his views on what regulatory issues are confronting cryptoassets. While admitting that bitcoin is not a security under the Howey test, he warned: “If you finance a venture with a token offering, you should start with the assumption that it is a security.” The SEC took this position in the Blockvest case, and while the court found that disputed issues of fact precluded it from determining whether the at-issue tokens were securities, the court may later side with the SEC after full discovery is taken. In any event, the SEC appears poised to continue asserting that tokens—as opposed to cryptocurrencies like bitcoin—most likely are securities subject to federal securities laws.
* * *
The CFTC and SEC’s continuing efforts to educate market participants regarding the legal and regulatory issues around cryptoassets and smart contracts demonstrate their commitment to regulating emerging technologies that fall within their respective jurisdictions. While the CFTC’s primer to the market was prospective, the judicial setback suffered by the SEC is unlikely to slow its march toward greater regulation of cryptoassets—in fact, quite the opposite is likely to be the case.