Digital Currency & Blockchain Technology
As of today, there is no single agreed-upon definition of Decentralized Finance (DeFi). DeFi generally refers to blockchain-based financial products and services, grounded in digital assets, decentralized applications (DApps), and smart contracts, which are offered to the public without the oversight or control of a centralized party. DeFi projects are generally built upon existing decentralized blockchains such as Bitcoin and Ethereum.
It is helpful to think of centralized versus decentralized finance as a spectrum. Depending upon the specific facts and circumstances of a project, any particular DeFi product or service may be more centralized or more decentralized. Few projects are fully centralized or decentralized. For example, custodial cryptocurrency exchanges (which can be thought of as relatively centralized) still rely on users’ ability to deposit and withdraw cryptocurrency using blockchains run by a decentralized group of miners, nodes, or other validators (e.g., on Bitcoin, Ethereum, and other blockchains).
Similarly, Decentralized Applications (DApps) maintained and run entirely by a decentralized group of users are still generally conceived of and initially created by a business, individual or small group of individuals. In addition, a project’s level of centralization or decentralization can change over time. For example, a pre-minted token might be centralized before launch but become decentralized after launch if validation and governance are conducted by a decentralized group.
These shifts can have important legal implications for the project, including whether the token is considered a security (e.g., US Securities Laws and DeFi) or the project creator a regulated financial institution for anti-money laundering (AML) purposes. Although the breadth of DeFi projects and uses is constantly evolving, many DeFi projects involve one or more of the following:
- Decentralized exchanges (DEX)
- Tokenization of tangible and intangible assets like Gold-backed stablecoins or copyrights on artwork as non-fungible tokens (NFTs)
- Lending and Investing platforms.
The Digital Currency & Blockchain Technology lawyers at Kendall PC provide legal counsel to clients regarding legal, operational, and regulatory aspects of DeFi projects. We employ reputable blockchain investigators to assist us with providing our clients blockchain forensics legal opinions and investigative reports.
To learn more about our Digital Currency & Blockchain Technology practice, contact Kendall PC today online or at (484) 414-4093. Our firm serves individuals, companies, and organizations throughout the United States and across the globe.
Decentralized Exchanges and DeFi
While each DEX is structured somewhat differently, DEX can generally be understood as publicly available software allowing direct, peer-to-peer cryptocurrency transactions in a non-custodial manner. Interactions with DEXs are controlled by smart contracts and are governed by participants who vote on changes to the underlying smart contract code.
Tokenization and DeFi
DeFi tokenization generally refers to creating a blockchain-based token, often an Ethereum-based ERC-20 or ERC-721 (NFT) token, whose value is linked to another tangible or intangible digital asset, such as bitcoin, gold or property rights. DeFi tokenization projects generally accomplish this backing through the use of:
- Collateralized smart contracts
- A centralized custodian holding the underlying asset in a one-to-one manner
- A synthetic intermediary asset
- Some combination thereof
Tokenizing digital assets allows for increased user flexibility by allowing users to access DApps where they can achieve a higher level of capital efficiency. This tokenization allows for faster transaction times, instant and irreversible settlement, and interoperability across the decentralized financial system because transactions need not be conducted across multiple blockchains. DeFi projects are also increasingly engaged in the tokenization of stablecoins. Use of tokenized stablecoins helps protect DeFi users from price movements while their assets are being utilized in an investment DApp.
Lending and Investing Platforms and DeFi
DeFi platforms offering investment and lending services are increasingly popular. DeFi lending platforms allow users to earn interest on their cryptocurrency holdings by lending those holdings to other platform users in a decentralized manner, governed by smart contract. Borrowers typically overcollateralize their loans to ensure that depositors are protected from losses. Many lending and investment platforms also offer subsidies in the form of tokens that boost the returns for investors.
In general, the on and off ramps for DeFi projects only permit movements in cryptocurrency, given the increased levels of centralization necessary when allowing fiat movements. With that said, certain DeFi projects provide retuns on fiat currencies through the use of stablecoins and tokenization. Depending on the DeFi platform, a user may be able to utilize a variety of different cryptocurrencies or digital assets or gain exposure to a number of different fiat currencies or traditional investment products like stocks.
Enforceability and Validity of Smart Contracts and Electronic Contracting
Although there is no single definition of smart contract, the term can generally be understood to encompass “a contract between two or more parties that is stored and digitally executed on the blockchain using code”1 On a basic level, a smart contract is a piece of computer code designed to execute transactions deterministically, or on a predefined basis.
The general consensus in the U.S. appears to be that smart contracts are enforceable, provided the computer code actually contains a contract, as defined under applicable state law. This generally means the code must meet the state common law requirements of offer, acceptance, and consideration. Whether or not a given smart contract actually meets these requirements depends on the particular facts and circumstances, but these elements should not be overlooked when assessing the legal validity and enforceability of a smart contract.
“Because a smart contract is computer code, a smart contract may represent all, part, or none of a valid legal contract under U.S. law. Smart contracts function – in whole or in part – to give effect to legal contracts. Thus, smart contracts are the programmatic means by which some or all of the terms of the legal contract are performed. It is the underlying contractual terms that are given legal effect.”2
In the U.S., contract law is generally a matter of state statutes and common law. Nearly all states have adopted a version of the Uniform Commercial Code (UCC) and Unifrom Electronic Transactions Act (UETA), which applies to transactions that parties have agreed to conduct by electronic means.
At the federal level, the Electronic Signatures in Global and National Commerce Act (ESIGN) addresses a similar category of conduct. Both UETA and ESIGN generally provide for the legal validity of electronic signatures, records, and contracts, so long as the parties have written notice of and consent to conducting business electronically. As explained by the Digital Chamber, UETA and ESIGN provide that:
- If a law requires a signature, an electronic signature satisfies the law.
- If a law requires a record to be in writing, an electronic record satisfies the law.
- A contract, signature, or related record cannot be denied legal effect or enforceability solely because it is in electronic form.
- A contract cannot be denied legal effect solely because an electronic record was used in forming the contract.
A cryptographic signature seems to fit well within the concept of an electronic signature. However, ESIGN does not apply to all types of electronic records and it is, therefore, important to carefully assess the specific facts and circumstances of a given DeFi project. Some states have amended their versions of UETA to explicitly incorporate blockchain-based contracts, though states have not taken a uniform approach in making such amendments.3
As noted above, in the absence of a central authority controlling a DeFi project, many projects partly or entirely rely on smart contracts. Smart contracts are essential to the functioning of most DEX decentralized exchanges and DApps. While the legal status of the smart contract may not be essential in all circumstances (such as where a user agreement is obtained through terms of service or other mechanisms), it is necessary in many DeFi projects to have legally valid and enforceable smart contracts.
U.S. Securities Laws and DeFi
Section 5 of the Securities Act of 1933, as amended (Securities Act), provides that the offer or sale of securities to the public must be accompanied by “full and fair disclosure” through registration with the Securities and Exchange Commission (SEC) and delivery of a prospectus containing information to allow prospective purchasers to make an informed investment decision. The Securities Act makes unlawful the offer or sale of securities in interstate commerce unless a registration statement has been filed with the Securities and Exchange Commission (SEC).
Section 2(a)(1) of the Securities Act and Section 3(a)(10) of the Securities Exchange Act of 1934, as amended (Exchange Act), state that a security includes an “investment contract.”4 An investment contract is generally understood to include an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others. This test is known as the Howey test.5
Most important among the SEC materials for digital assets is the SEC’s Framework for Investment Contract Analysis of Digital Asserts (SEC Framework), which provides guidance on each prong of the Howey test.6 While a product that fails any prong of the Howey test is not a security, the prong most relevant with respect to DeFi is whether there exists “entrepreneurial or managerial efforts of others.” As described in the SEC Framework, the question is whether an “Active Participant” or AP provides “essential managerial efforts that affect the success of the enterprise, and investors reasonably expect to derive profit from those efforts.” An AP may be a “promoter, sponsor, or other third party (or affiliated group of third parties).” The SEC Framework states that in considering this question, the SEC focuses on whether:
- The purchaser reasonably expects to rely on the efforts of an AP.
- Those efforts are “the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise,” as opposed to efforts that are more ministerial in nature.
The SEC Framework goes on to list a number of characteristics that make it “more likely … a purchaser of a digital asset is relying on the ‘efforts of others.’” These characteristics include, for example, where:
- An AP is responsible for the development, improvement (or enhancement), operation, or promotion of the network, particularly if purchasers of the digital asset expect an AP to be performing or overseeing tasks that are necessary for the network or digital asset to achieve or retain its intended purpose or functionality.
- There are essential tasks or responsibilities performed and expected to be performed by an AP rather than an unaffiliated, dispersed community of network users (commonly known as a decentralized network).
In this context, a key question with respect to any DeFi project is likely to be whether an AP exists. A fully decentralized project without an AP would generally not be considered a security. Notably, even projects that purport to be decentralized may not in fact be fully decentralized and may still be deemed to have an AP by the SEC.
The SEC has asserted jurisdiction over projects with a significant level of decentralization. Whether a given project is sufficiently decentralized that investors are not relying on the managerial efforts of others (no AP exists) is a highly fact-specific analysis that DeFi projects should carefully consider before launching.
Anti-Money Laundering (AML) and DeFi
The Financial Crimes Enforcement Network (FinCEN) is the federal agency with primary responsibility for implementing the Bank Secrecy Act (BSA), including through AML-related regulations that apply to US financial institutions. The definition of financial institution includes a number of business models, the most relevant of which, in blockchain-related projects such as DeFi, are money services businesses (MSBs), which are defined as “a person wherever located doing business, whether or not on a regular basis or as an organized or licensed business concern, wholly or in substantial part within the United States, in one or more” specifically enumerated capacities. One such capacity is a money transmitter. A money transmitter is defined as a person either (1) engaged in the transfer of funds, or (2) providing money transmission services.
Money transmission services are defined as “the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.” If a person or business is a money transmitter, such person must register with FinCEN and comply with a variety of AML regulations.
Many DeFi projects involve the transmission of value between persons and locations and, therefore, depending on facts and circumstances, may be subject to FinCEN rules.
With respect to DeFi, it is important to keep in mind that FinCEN uses the terms “centralized” and “decentralized” in manners that may differ from their common understanding in the industry. It is also important to note that FinCEN rules can attach to projects dealing with decentralized CVC, depending on the facts and circumstances (e.g., projects involving exchangers).
Therefore, under FinCEN rules, DeFi projects that involve token issuance (most such projects) or provide a platform for users to engage in certain transactions may be subject to regulation as a money transmitter.
DeFi and Data Privacy
Blockchain transparency is important. Equally important and ever-increasing is user privacy. Because of blockchain’s architecture, achieving both transparency and privacy goals raises multiple privacy challenges which include but are not limited to:
- Assessment of the actual legal and regulatory privacy frameworks a project may be subject to
- Increasing user-accountability requirements (with users receiving additional privacy rights – and are inclined to exercise them) that often require extensive identity-management tools and procedures, that are often lacking in DeFi projects
- Challenges with simple privacy questions because traditional privacy concepts do not translate easily in the DeFi context and that creates the potential for legal uncertainty
This legal uncertainty is further increased by certain features of DeFi projects, such as extensive use of automated decision-making (e.g., smart contracts) or the data-intensiveness of some applications (e.g., P2P lending). However, some DeFi projects may retain less data than their centralized counterparts given the open and permissionless nature of many projects, which has the potential to lessen some privacy-related risks.
In the U.S., there is a patchwork of potentially applicable legal authorities, including the:
- California Consumer Privacy Act (CCPA)
- California’s Privacy Rights Act (CPRA)
- Gramm-Leach Bliley Act (GLBA)
- Fair Credit Reporting Act (FCRA)
- A myriad of state data breach notification laws
There are also potential international privacy and security-related implications. Determining the applicability of these legal authorities to DeFi projects and the obligations imposed under each presents challenges given their divergent and sometimes contradictory nature.
Notable Industry Updates
On March 9, 2022, President Biden signed an Executive Order titled “Ensuring Responsible Development of Digital Assets” and issued an accompanying Fact Sheet regarding the U.S. government’s strategy for digital assets. The Executive Order represents the first whole-of-government approach to the benefits and risks of digital assets and the government is now addressing the role of digital assets in the financial system. The Executive Order stops short of regulation but orders multiagency studies on Digital Asset regulatory changes, including National Security and Economic Impact.
Kendall PC is closely monitoring additional developments and the interagency coordination research outputs required by the Executive Order in order to help its clients navigate regulatory risks and requirements in the U.S.
How Our Digital Currency & Blockchain Technology Lawyers Can Help
Kendall PC provides legal counsel to clients regarding legal, operational, and regulatory aspects of DeFi projects including:
- Application of federal and state money transmitter regulations to DeFi projects
- Anti-money laundering prevention and compliance with the Bank Secrecy Act
- Due diligence and legal reviews of DeFi projects for founders, investors or users
- Regulatory compliance of DeFi projects
- Communications with regulators
- Data Privacy
- KYC (know-your-customer)/AML checks in DeFi transactions and the development and implementation of policies associated with each
- Creation and issuance of tokens such as asset-backed stablecoins or non-fungible tokens representing ownership rights
- Creation of Decentralized Autonomous Organizations (DAOs)
- Decentralized Insurance
- Litigation, Disputes and Fraud Investigations
- Day-to-Day legal, compliance and regulatory support
Blockchain Forensics Legal Opinions, Reports, and Investigations
Kendall PC also employs reputable blockchain investigators to assist us with providing clients a blockchain forensics legal opinion and investigative report that may include:
- Detailed flow of a client’s or counterparty’s flow of cryptocurrency or other digital assets on a blockchain;
- Assessment of sufficiency of cryptographic private keys, public records and other factors establishing ownership of cryptocurrency or other digital assets on a blockchain;
- KYC/AML compliance measures taken at each point of the funds’ journey by clients and third parties, including exchanges and OTC traders;
- Legal opinion on adoption, traceability, exchangeability and legality of a particular kind of digital asset existing on a blockchain;
- Regulatory framework for cryptocurrencies and other blockchain assets in the U.S. etc.
Our blockchain forensics legal expert opinions and investigative reports are an effective tool that may help with:
- Conducting due diligence of a cryptocurrency transaction, background check or KYC/AML compliance
- Making a purchase or investment using cryptocurrency or other digital assets
- Digital securities investments
- Demonstrating the legality of your digital-asset holdings to a governmental agency
Contact Our Digital Currency & Blockchain Technology Lawyer Today
For more information about our Digital Currency & Blockchain Technology practice, contact Kendall PC online or at (484) 414-4093. Our Digital Currency & Blockchain Technology lawyers serve individuals, companies, and organizations throughout the United States and across the globe.
1 Smart After All: Blockchain, Smart Contrct, Parametric Insurance, and Smart Energy Grids, 1 Geo. L. Tech. Rev 273 (2017).
2 See Chamber of Digital Commerce: “Smart Contracts” Legal Primer (January 2018).
3 See e.g., A.R.S. § 44-7061; NRS 719.090.
4 See 15 U.S.C. § § 77b(a)(1) and 78 (a)(10).
5 See SEC v. W.J. Howey Co., 328 U.S. 293, 301 (1946).
7 See 31 C.F.R. § §1010.100(s), (t).
8 See 31 C.F.R. § §1010.100 (ff).
9 See 31 C.F.R. § §1010.100 (ff)(5)(i)(A).