The Commodity Futures Trading Commission (CFTC) has filed a complaint against Ooki DAO for operating an unlawful margin exchange. It’s also filed an order setting against bZeroX, LLC, Tom Bean, and Kyle Kistner, the founders of bZeroX, with Bean and Kistner agreeing to a $250,000 fine.
Introducing Ooki DAO and the Ooki Protocol
Atlanta, Georgia-based bZeroX LLC launched Ooki Protocol in June 2018 as bZeroX Protocol. A lending and borrowing protocol, it enables margin trading – using loaned funds in order to increase trading exposure.
Users of the protocol were able to deposit ether into a smart contract which would then act as collateral for margin trading. The idea was that the protocol would borrow Dai and use that to purchase ether, with the user receiving a token representing their derivative position.
In August 2021 bZeroX announced that it would be transferring control of the bZeroX protocol to the bZx DAO.
One of the founders described the motivation for the move as taking “all the steps possible to make sure that when regulators ask us to comply, that we have nothing we can really do because we’ve given it all to the community.”
However, it’s also likely that the goal of transferring control of the protocol was to make it harder for regulators to pursue it over its highly-publicized lack of Know Your Customer (KYC) checks.
Then, in December last year, the bZx DAO voted to rebrand to ‘Ooki DAO’ and the ‘Ooki protocol. No meaningful functional changes occurred as a result of this rebrand.
Exactly what violations are alleged?
The CFTC alleges that the DAO offered unlawful leveraged and margined commodity transactions and that the DAO was engaging in activities that require registration with the CFTC as a Futures Commission Merchant.
The final allegation is that Ooki DAO did not have appropriate KYC and anti-money laundering procedures.
The CFTC believes that the margin trading that Ooki DAO offered to anyone willing to put up collateral falls under its jurisdiction and can only be offered to US persons by appropriately regulated entities.
The KYC count would have required Ooki DAO to make itself permissioned — an extraordinary step for a protocol that advertises decentralization. In other words, it would either have to know every wallet interacting with the protocol or find some other way to allow only appropriately checked wallets to interact with the protocol.
Specifically, the complaint is against the entity ‘Ooki DAO’ which is defined in the complaint as: “an unincorporated association comprised of holders of Ooki Tokens (or of BZRX Tokens, when the Ooki DAO was doing business as the bZx DAO) who have voted those tokens to govern (e.g., to modify, operate, market, and take other actions with respect to) the Ooki Protocol (formerly named the bZx Protocol) during the DAO Relevant Period.”
This definition of the DAO could include a large number of token holders who voted on a variety of governance proposals, though it’s unclear how many of the individual participants will be pursued by the CFTC.
What’s in the settlement?
The complaint seeks to bar the members of Ooki DAO from continuing to offer derivative trading, a ban from commodity trading for all members of the DAO, and to start trying to return funds to make customers whole.
In the worst case, this means that people who voted their governance tokens in Ooki DAO will never again be able to trade bitcoin or ether.
The settlement already filed between the CFTC, bZeroX LLC, Kyle Kistner, and Tom Bean includes an agreement to pay a $250,000 fine and a ban from participating in Ooki DAO.
What does this mean for other DAOs?
The first and most important takeaway is that transferring control over to a DAO doesn’t make a protocol “enforcement-proof.”
It also reaffirms something that crypto lawyers have been warning about for years — that a DAO still leaves many participants with liability that will be hard to avoid. The CFTC alleges that the Ooki DAO is an “unincorporated association” and because of that, the individual members have liability for the actions of the DAO.
Stephen Palley, now a partner at Brown Rudnick, wrote in 2016 that “the members of a general partnership can end up jointly and severally liable on a personal basis for partnership obligations…This seems…a big concern to a DAO creator or participant…I expect that a court would see the entity that isn’t really an entity as a fiction and could allow a lawsuit to proceed against the individual members.”
We reached out to Stephen for his thoughts on this lawsuit and he commented that the joint liability was “no surprise at all and incredibly predictable.”
Regulators have the tools to “pierce the veil of decentralization” and pursue these actors even when a DAO is involved in the process. Grant Gulovsen, a cryptocurrency lawyer said, “people in the crypto community were relying on the ‘DAO = enforcement proof’ model cited in the complaint and that’s clearly wrong.”
It’s not clear how many individual participants will be pursued by the CFTC as a result of this complaint, but it’s likely that the liability being extended to those who participated in the voting process will have a chilling effect on DAO participation, with many choosing to no longer take part in governance if it carries that type of risk.
It’s also possible that if the CFTC pursues members broadly, and if courts decide to grant their injunction against members of the DAO participating in commodities trading, the governance voting members will no longer be allowed to trade any cryptocurrency that the CFTC considers a commodity.
These two features represent an additional risk to the governance token model for decentralized finance.
However, Stephen Palley also worried that “the CEA maybe is stretched beyond its original intent and utility when you are dealing with a protocol that is treated as a counterparty.”
What about Mersinger’s dissent?
CFTC Commissioner Summer Mersinger, a President Biden nominee, filed a public dissent to the complaint.
Mersinger worries that this interpretation is overly broad and too reliant on state law decisions establishing the ability to assign debts to members of an unincorporated association.
She also believes this disincentives governance and treats holders of the governance token differently based on whether or not they voted. Token holders who chose to never vote aren’t part of the unincorporated association laid out in the complaint, which Mersinger characterizes as “unfairly picking winners and losers.” She also voices concerns that this “undermines the public interest by disincentivizing good governance in this new crypto environment.”
Mersinger also believes that under the Commodities Exchange Act (CEA) that the CFTC already had statutory authority to pursue the entities they have so far (Kistner, Bean, and bZeroX LLC.) under the aiding-and-abetting liability statutes.
Specifically, it claims that “this compelling evidence demonstrates that Bean and Kistner met the standard for aiding-and-abetting liability under the CEA and that this makes them liable for Ooki DAO’s violations of the CEA and CFTC rules.”
What does this mean for the crypto regulatory turf war?
In the ongoing struggle between the CFTC and the SEC (Securities and Exchange Commission) over who will be the primary regulator of cryptocurrency this represents a further attempt by the CFTC to assert its jurisdiction.
Recently, a variety of industry forces have come out in support of appointing the CFTC as the primary cryptocurrency regulator, notably Sam Bankman-Fried, and FTX US, along with a number of politicians.
On August 3, FTX Policy published a piece entitled CFTC Investor Protections Are Robust and Appropriate for Digital Asset Markets which claimed that “the CFTC investor-protection regime is a fit-for-purpose framework for the digital-asset space.”
We attempted to reach out to FTX US to see if they stand by this analysis in light of this major enforcement action, but they didn’t respond.
If the CFTC ends up making smart contract derivatives platforms a non-starter, that will likely benefit FTX’s investments in setting up their US-based derivative exchange.
The clearest takeaway is that DAOs are not ‘enforcement-proof’ and participating in unlawful activities, even through a DAO, can carry very significant liability.