Last month, the Commodity Futures Trading Commission (CFTC) announced settled charges against three decentralized finance (DeFi) protocols for various registration and related violations under the Commodity Exchange Act (CEA) during the relevant period of investigation. As a result, each entity paid a civil monetary penalty and agreed to cease violations of the CEA. According to a statement by Commissioner Kristin N. Johnson, these latest settlements are the first time the CFTC charged a DeFi operator (e.g., Opyn, Inc. and Deridex, Inc.) with failing to register as a swap execution facility (SEF) or designated contract market (DCM). Moreover, these latest enforcements against DeFi entities arrive soon after the CFTC’s successful enforcement and default judgment against Ooki DAO, which the CFTC alleged was operating a decentralized blockchain-based software protocol that functioned in a manner similar to a trading platform and was violating the CEA (prior coverage of the Ooki DAO enforcement can be found here).

As defined by the CFTC’s Enforcement Director in recent remarks, DeFi protocols are “collections of smart contracts on blockchains that replicate traditional commodity derivatives and spot markets in a purportedly decentralized and permissionless way.” Specifically, in its latest round of enforcement, the CFTC issued orders against several entities:

  • Opyn, Inc. (“Opyn”), a DeFi options trading protocol, offered trading of a digital asset derivatives token called oSQTH, the value of which was based in part on the price of ether (which the CFTC considers a “commodity” for purposes of the CEA). The order found that oSQTH tokens are swaps and leveraged or margined retail commodity transactions and therefore could be offered to retail users who do not qualify as an eligible contract participant only on a registered exchange. The CFTC concluded that Opyn operated as an unregistered SEF. In addition, Opyn allegedly engaged in certain margined retail commodity transactions that could only lawfully be performed by a registered futures commission merchants (FCM). Opyn was also charged with failing to adopt a KYC program as part of a Bank Secrecy Act compliance program, as required of FCMs, and for also failing to effectively block U.S. users from accessing the Opyn Protocol (i.e., Opyn blocked U.S. IP addresses, but the CFTC deemed such a step insufficient to block U.S. persons from ultimately accessing the Opyn Protocol).
  • Deridex, Inc. (“Derididex”), a decentralized on-chain derivatives platform, offered trading of “perpetual contracts,” which the CFTC described as leveraged derivative positions that provided for the exchange of one or more payments based on the relative value of the STABL2 stablecoin and another virtual currency. Among other things, the order found that these perpetual contracts are swaps and leveraged or margined retail commodity transactions and therefore could be offered to retail users only on a registered exchange. In addition, Deridex allegedly failed to conduct KYC diligence on its customers as part of a customer identification program, as required of FCMs.
  • ZeroEx, Inc. (“ZeroEx”), a decentralized exchange (“DEX”), offered users the ability to trade digital assets on its platform on a peer-to-peer basis and maintain custody of their tokens throughout the transaction process. According to the order, such digital assets included “certain leveraged tokens, which provided traders approximately 2:1 leveraged exposure to digital assets such as ether (ETH) and bitcoin (BTC), both commodities.” The order found that these leveraged tokens are leveraged or margined retail commodity transactions and therefore can be offered to retail customers only on a registered exchange.

Recognizing the substantial cooperation of the respondents with the investigation, the CFTC ordered Opyn, ZeroEx, and Deridex pay civil monetary penalties of $250,000, $200,000, and $100,000, respectively, and cease and desist from violating the CEA, as charged.

In a statement about the DeFi settlements, CFTC Commissioner Johnson looked down the road and urged Congress and agencies to work toward more coherent regulation for the growing digital asset marketplace that brings a “framework that effectively employs our longstanding body of risk mitigation best practices.” Commissioner Johnson also noted that Opyn and Deridex were charged with not maintaining KYC programs, which are “critical” to the CFTC’s ability to protect customers and “mitigate the risk of illicit financial transactions.”

In a dissenting statement, CFTC Commissioner Summer K. Mersinger stated that “enforcement is inherently ill-suited to balancing our competing mandates of protecting customers and promoting responsible innovation” and characterized the settlements as essentially registration violations but without any indications of misappropriated customer funds or victimized users of the DeFi protocols.

The CFTC has brought previous enforcement actions against digital asset entities (115 actions and counting, as of September 2023, according to the CFTC). During a recent speech at a Practising Law Institute (PLI) event, CFTC Enforcement Director McGinley spoke about the CFTC’s various actions in the derivatives markets for digital assets and stated, in particular, that DeFi itself is “fraught with unique risks,” and that such protocols can offer digital asset derivative transactions, which, in his opinion, must, “in many cases, be offered on a CFTC-registered platform and comply with required core principles designed to protect customers [including KYC and AML rules and other regulations]”. In stressing that DeFi is one of the focuses of the agency, McGinley stated that “the existence of unregulated DeFi exchanges is an obvious threat to the markets regulated and customers protected by the CFTC, and it is one we have taken very seriously.”