Securities and other regulations in context of DEFI
This article is not legal advice. I am not a securities lawyer and please do not take this post as the primary basis of your operations. I absolutely intend to do significant generalizations, which may or may not be applicable to your specific situation, so make sure to validate if what I say here applies to you.
I do however have a significant amount of experience in the securities space and have authored several disclosure documents including full retail prospectuses, PDS as well accredited only IMs etc. I am involved in the DEFI space and get asked about the intersection of DEFI and securities regulation in particular a lot.
To that effect, this post is an effort to put my thoughts in one place and share it with the community who can decide for themselves what they are worth. These are my personal thoughts alone and in the context of this article, I am not speaking on behalf of any of the entities I am involved in.
There are a few key regulatory matters in DEFI space:
- Securities regulation, are the DEFI products floating around securities /financial products
- Issues around AML KYC CTF
Lets start with the first one.
While securities regulation varies by country, the underlying principles are quite consistent across jurisdictions, especially in the western world.
The primary objective is to protect retail investors. The definition of retail investors is based off exclusion but it generally boils down to mom and pop types who do not have a lot of money, nor a lot of experience in dealing with financial matters.
This is important because securities and financial products are generally virtual assets. Their worth is often based on the value of other assets and even intangibles such as efforts of a specific person or group of persons.
This means valuing them is often fraught and not so simple. Things can and often do go terribly wrong. So an investment in a stock has the potential to make you a millionaire, but also can lead to losing all of your investment.
This means there is significant hazard for those who play with it. And while there is something to be said about personal responsibility, state actors have decided that they have a role in protecting smaller investors who may be especially susceptible.
Most regulators try to protect small investors by offering a 2 prong defense:
Disclosure pertains to ensuring that small investors are provided enough information about what they are about to get in. It usually translates to 50 pages of “How you can lose money” warnings alongside the details of the business. There are specific standards on the type and amount of information that is being provided.
Audits are an after the fact process. These are done to ensure that the entity that is invested in is actually spending the money on what they claimed they are going to spend on. And if they are not, the investors are atleast aware of what is happening.
However there is a bigger preliminary question here, is something that is being offered a security/financial product or not?
Let us take some examples to elaborate.
John sells farm land to investors.
John sells farm lands and offers a JV to investors where he will farm the land and split the proceeds from the sale of the produce.
Ali is a taxi driver, he does a revenue split with the owner of a car Jack where the car driver provides him with the car, and Ali puts in the effort and they split the proceeds.
Jack buys a fully automated driving Tesla and sets it on auto mode where it goes and works for a taxi for hire when he is not using it, thus generating passive income for Jack.
Real estate agent Jim sells an investment property house.
Real estate agent Jim sells an investment property house and also acts as a property manager who collects rent.
Ali opens up a shop, his brother in law Mike gives him some money and they go into business together. Ali takes the onus of running the shop and Mike gets a share of the profits as a passive investor.
Ali sells Mike a vending machine. The vending machine is setup on a strip mall and dispenses bottled water and snacks. Ali periodically replenishes the stock and collects the cash which he then hands over to Mike for a fixed fee for his efforts.
Before we jump in the analysis of each of the above examples, it is worth reading through the SEC guidance.
Framework for "Investment Contract" Analysis of Digital Assets
If you are considering an Initial Coin Offering, sometimes referred to as an "ICO," or otherwise engaging in the offer…
The key portion of the above guidance is:
When a promoter, sponsor, or other third party (or affiliated group of third parties) (each, an “Active Participant” or “AP”) provides essential managerial efforts that affect the success of the enterprise, and investors reasonably expect to derive profit from those efforts, then this prong of the test is met.
The inquiry into whether a purchaser is relying on the efforts of others focuses on two key issues:
- Does the purchaser reasonably expect to rely on the efforts of an AP?
- Are those efforts “the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise,” as opposed to efforts that are more ministerial in nature?
While there are other parameters as well, the above criteria is the clinching one. And this is true in not just digital assets but also real world, run of the mill assets. This is also why before we jump into the analysis of whether certain digital assets are securities, it is worth analyzing the fundamental reasoning first.
Using the above criteria, whether there is a reliance on someone to provide essential managerial efforts or the reliance is more of administrative nature let us review our examples.
- This is clearly a sale of a physical asset only.
- The investors are reliant on Johns effort to generate a profit. Security.
- This is a grey area. Does a taxi driver make more money if he does a better job? Or is he simply reliant on demand of his services at the location and time? I tend to lean towards the latter assuming all taxi drivers conform to a certain standard. However since Ali’s outcomes are dependent on the maximum revenue he makes rather than a fixed fee model he is motivated to perform more (how he will do that, I dont know but Taxi drivers will often exhibit a disregard for safe driving procedures to get to the next pick up and make more money in the same period of time). Ali is not an automaton. He will react to incentives and hence this falls in securities territory because Jacks additional returns are now dependent on Ali’s efforts.
- The guys at Tesla are responsible for the performance of the automated taxi. But they dont get compensated (directly) more based on its revenues. Its performance is fire and forget. Neither is there a day to day reliance on Tesla employees for the performance of the taxi. While this asset generates money it is still property and not a security or financial product.
- Property, not security. Same reasons as above.
- Still property not security. Whether it is Jim or someone else rent is unlikely to change. Jim's actions are administrative and there is no reliance on Jim to make more money from the property. Jim could do a bad job and hence lose money for the owner, but doing an above any beyond job is unlikely to make more money for the owner. Note that there are circumstances where Jim tries to convince the owner to turn it to an AirBnB and offers a profit share for running it in a optimal manner, this could change it to a security offering.
- There is a reliance on Ali to make a profit. Security.
- There is no reliance on Ali. Same reasons as #6. It is a property not a security.
Note that there is a lot of nuance around common enterprise which I have skipped over.
Having established the fundamental premise on which to judge if something is a security or not, lets try to analyze whether Defi offerings are securities or not.
The idea here is not to judge whether specific tokens are securities or not, but rather the dapps and protocols themselves are.
Most project tokens with centralized teams driving their adoption would tend to be securities, albeit some disclaimers can be applied to this statement.
However most dapps are not securities/financial products based on the active participant reliance criteria.
Consider money markets, yield farms, LP positions or automated vaults etc. All of them run off predefined code and well defined set of preconditions which trigger themselves based on various circumstances and scenarios. There is no real time operational reliance on the team or the developer who coded them. The lack of control or influence once something is set out in the wild means there is no real issuer of the product.
The closest analogy is that of the self driving Tesla or the vending machine. There is no reliance on an active participant for a profit outcome. Sure, projects from some founders like Andre Cronje have greater adoption but that would be akin to saying that more people trust Tesla to make better self driving cars than say Volkswagen.
Once you buy the self driving Tesla, it goes and does its own thing.
The same logic applies for synthetic assets such as those from Synthetix, it traces a dollar but the lack of a real issuer and real time intervention by the team means it is more similar to an automated car or a vending machine than it is to shares of Apple.
Even if the synths were tracing Apple or other shares, it makes no difference. There is no reliance on an active participant to ensure that the peg is met. Hence it cannot be classed as a security/financial product.
However where there is active involvement from the core teams in the day to day operations to influence outcomes things start to change. And this is where the push to decentralized governance by various teams actually works against them. The minute you input human arbitrariness, things start getting haywire. The only other defense then remains is that of decentralization. Most projects are not in the same league as that of Ethereum or Bitcoin. Active governance, even if it is under the fig leaf of community has the danger of leading it to being classed as a security.
Uniswap excels in this regard. It is perfectly permissionless. Any one can add any token pair and start trading. No one needs Uniswap team to approve of anything. The team can continue on its core efforts of building a superior product. The UNI token does confuse things a bit though.
We will address AML KYC CTF in a part 2 of this article.