a16z on US Web3 Regulation: Is the SEC and CFTC Terrible?

Original Authors: Miles Jennings and Brian Quintenz, a16z crypto

Compiled by: Peng SUN, Foresight News

Recent significant law enforcement actions and court rulings indicate differing views among various U.S. government entities regarding Web3 regulation. While new legislation has yet to emerge, Web3 is already encountering different regulatory approaches. However, this also informs us on how to formulate new legislation to appropriately regulate Web3, thereby achieving policy goals and paving the way for the development of Web3 in the U.S.

We believe that a framework based on "regulating Web3 applications rather than protocols" (RANP) will be helpful in reviewing, analyzing, and rating regulatory actions involving Coinbase (Wallet), Uniswap, ZeroEx, OPYN, and Deridex. We examined whether these regulatory actions appropriately targeted businesses rather than software and its developers (a key principle of RANP), and assessed them based on their compliance with RANP and its application to existing laws. Overall, they are largely consistent with RANP's focus on businesses rather than software, although there are differences in the application of existing laws. Therefore, we are more optimistic about the current regulatory landscape in the U.S.

Rating Methodology

As outlined in Part Four of RANP, our approach to evaluating how existing regulations or new legislation should apply to Web3 projects begins with examining the nature of the underlying software protocol and whether it may involve regulation. If regulation is involved, we will analyze the appropriate degree of regulatory intervention or oversight (or liability) for specific applications that reference that protocol.

As discussed in Part Two of RANP, even if Web3 protocols promote centralized regulation, the regulatory focus of governments or agencies should always balance the pros and cons of additional regulation. Generally, governments should not infringe upon individuals' freedom to publish open-source code software. Instead, governments should focus regulatory efforts on business-related activities within their jurisdiction, including facilitating illegal activities or evading existing regulations through new technologies.

Step One: Protocol Assessment

We assess the nature of the protocol by determining whether it is: open-source, decentralized, autonomous, standardized, censorship-resistant, and permissionless. Recognizing the importance of these characteristics and incentivizing regulations that encourage protocols to adopt these traits should foster the development of open, free, and trustless neutral internet protocols. In fact, the current foundational layer of the internet is designed this way, and the government views network usage responsibility similarly. When a protocol possesses these characteristics, the likelihood of it being used for regulatory arbitrage is reduced, for example, when centralized businesses attempt to evade regulation by using smart contracts deployed on blockchains they control.

In our case studies, we evaluated each protocol based on the allegations from relevant regulatory agencies (regardless of whether the allegations are factually accurate), industry common sense, and findings from the presiding judge's inquiries.

Step Two: Application Assessment

The second step of our analysis requires assessing the risks and regulatory levels that applications or businesses using the protocol should bear based on the characteristics of the application or business. We guided our research using the standards established for centralized and decentralized exchanges in Part Four of RANP. In our study, regulatory applications or liability allocations only apply to situations that relate to the risks posed by the characteristics of the application or business and address those risks.

In practice involving existing regulations, we assessed whether it is reasonable to extend such regulations to Web3 in the context of RANP, or whether it is necessary to formulate more targeted regulations given the unique nature of blockchain technology. In other words, is the concept of "the same user activity, the same user risk, the same rules" appropriate? Or does the underlying technology imply that similar user activities pose different risks, necessitating the creation of specific rules to address these differences?

Rating: Analysis Summary

The regulatory framework for Web3 activities in the U.S. is still evolving, but our analysis of the cases reveals signs of potential maturity that are not as alarming as many industry insiders suggest. Crucially, these cases did not provide conclusive evidence that regulators or courts are "targeting developers" solely for developing, publishing, or deploying code. Instead, there is strong evidence that regulators and courts generally target businesses engaged in illegal activities (which happen to include the use of code), consistent with RANP. This distinction is vital: targeting developers solely for publishing code would undermine the development potential of Web3 and jeopardize the future of Web3 in the U.S.; targeting businesses that facilitate violations of existing laws (or the intent of existing laws) opens a path for reasonable regulation of Web3, which will promote the flourishing of the underlying technology.

The actions taken by the U.S. Securities and Exchange Commission (SEC) against Coinbase and the judge's analysis of the Uniswap case clearly indicate that the focus is on businesses rather than protocols. Although the U.S. Commodity Futures Trading Commission (CFTC) has used ambiguous language and raised numerous issues in its actions, it is difficult to draw the same conclusion. After analyzing all of the CFTC's actions and settlements in the Web3 space to date, we found that, despite many opportunities, they have not targeted developers or protocols. However, while both the CFTC and SEC actions target businesses, their regulatory approaches are enforcement-based and fail to promote innovation, resulting in lower ratings.

Moreover, the actions of the SEC and CFTC are easily distinguishable. The SEC's action against the Coinbase Wallet is unknown and will likely backfire—regulatory guidance and targeted rule-making would be more beneficial for protecting investors and promoting financial innovation. Additionally, the lack of clear regulations governing the questioned behavior or providing compliance pathways has expanded the scope of existing regulations to the point of challenging fundamental fairness and due process.

However, the CFTC is somewhat more principled, as the regulations they use apply to the questioned business activities. According to our assessment, these actions do not violate fairness and due process. But we strongly agree with Commissioner Summer K. Mersinger's dissenting opinion that the best solution would be to bring these businesses into a sandbox or new regulatory framework to foster innovation. However, since the CFTC does not accept new derivative structures that could provide specific benefits to consumers, it is also difficult for them to foster responsible innovation.

Enforcement Action Cases

Based on the analysis of actions taken against Coinbase (Wallet), Uniswap, ZeroEx, OPYN, and Deridex, we have developed the following ratings and provided a brief analysis of the outcomes of each action.

Case: SEC v. Coinbase (Wallet)

Rating: F

Status: Pending

The SEC alleges that Coinbase operates as an unregistered broker under the Securities Exchange Act of 1934, enabling Coinbase Wallet users to exchange digital assets through software protocols deployed on the blockchain. This complaint aligns with RANP, focusing on Coinbase's business activities related to the wallet rather than the development of the underlying code of the wallet or its use in exchanges through decentralized autonomous protocols.

While RANP believes there is sufficient reason to regulate applications like wallet exchange functions, existing U.S. regulations do not explicitly prohibit such activities. Although the SEC has consistently emphasized that whether an activity constitutes broker behavior typically requires examination of facts and circumstances, this regulatory case did not include the wallet. In such cases, RANP strongly opposes attempts to overly extend existing regulations to address "regulatory gaps," especially when the targeted activities and risks are fundamentally different from those existing regulations and guidelines aim to address. Unfortunately, this is precisely what the SEC has accused Coinbase of doing by providing brokerage services through its wallet.

Thus, the SEC's allegations represent one of the cases where regulatory action is counterproductive, and regulatory guidance and targeted rule-making would be more beneficial for protecting investors and promoting financial innovation.

Case: Risley v. Uniswap

Rating: A

Status: Judge approved the dismissal of the motion in the final order and opinion.

Judge Failla dismissed a class action lawsuit against Uniswap Labs and other defendants, which sought to hold the defendants responsible for the operation of the Uniswap decentralized trading protocol and the Uniswap.org website interface. Judge Failla rejected the plaintiffs' requests, which is fundamentally consistent with RANP. In particular, she reasoned through legal reasoning that smart contract protocols and developers should be excluded from regulation and liability; however, as Web3 applications pose increasing risks to users, we also have reason to increase the obligations of these applications.

Case: CFTC v. ZeroEx

Rating: C

Status: CFTC allegations ultimately resolved.

The CFTC took action against ZeroEx, Inc. for facilitating certain leveraged digital asset trades through the 0x smart contract protocol and Matcha.xyz website interface, violating the Commodity Exchange Act (CEA). Although the CFTC's use of ambiguous language and reliance on its enforcement regulatory approach has caused unnecessary confusion regarding its overall regulatory approach to Web3, the CFTC's actions largely align with RANP. The action clearly demonstrates that the CFTC's primary focus remains on the businesses operating applications rather than the autonomous software protocols. For instance, the CFTC frequently mentions the Matcha interface and the settlement agreement reached with ZeroEx, which ensures that infringing assets are removed from Matcha while still allowing Americans to access the Matcha website. Meanwhile, infringing assets can still be traded outside the U.S.

However, the CFTC's approach has indeed failed to promote innovation as required by RANP. Non-profit applications like the Matcha interface should have the flexibility to foster innovation under applicable regulations, particularly in cases where leveraged assets can be safely provided and leveraged assets constitute only a small portion of available assets, as is the case with the Matcha interface.

Nevertheless, the CFTC's application of the CEA to the Matcha interface is generally consistent with RANP's regulatory focus. This is a reasonable application of existing laws that is entirely predictable and avoidable, and it curtails potential regulatory arbitrage.

Case: CFTC v. Opyn

Rating: B

Status: CFTC allegations ultimately resolved.

The CFTC took action against Opyn for facilitating the creation, purchase, sale, and trading of blockchain-based derivatives through the smart contract protocol and opyn.co website interface, violating the CEA. Similar to the lawsuit against ZeroEx, the CFTC also used ambiguous language and engaged in enforcement regulation. Even so, this action largely followed RANP and more strongly indicated that the CFTC's focus is on regulating businesses rather than software: after reaching a settlement with Opyn, the CFTC seems satisfied with Opyn adopting a stronger U.S. intellectual property blockade. Meanwhile, its products remain available outside the U.S.

Nonetheless, the CFTC still failed to support innovation. Opyn's products are indeed innovative, perfectly demonstrating how programmable blockchains eliminate many of the risks historically associated with derivatives and perpetual futures.

Nevertheless, the CFTC's actions align with RANP's regulatory focus. The Opyn website interface facilitates illegal activities in the U.S., failing to effectively prevent Americans from using the site, and Opyn and its investors promote their products on forums accessible to Americans. Furthermore, the CFTC's actions represent a reasonable application of existing laws without any unknown circumstances.

Case: CFTC v. Deridex

Rating: B+

Status: CFTC allegations ultimately resolved.

The CFTC took action against Deridex, Inc. for operating a leveraged digital asset and derivatives trading platform through the smart contract protocol and app.deridex.org website interface, violating CEA regulations. While this case shares similar issues of ambiguous wording and enforcement regulation with the ZeroEx and Opyn cases, the CFTC's actions are generally consistent with RANP and align with its regulatory focus. The interface operated by Deridex facilitates illegal activities in the U.S., and it is alleged that it openly disregards U.S. laws without attempting to prevent Americans from accessing it. Therefore, the CFTC's actions represent a reasonable application of existing laws and are entirely predictable.

The regulatory environment for Web3 is full of opportunities. Different entities of the U.S. government seem to unanimously focus on business activities rather than developers. This aligns with the core premise of RANP.

Moreover, RANP posits that when formulating new regulations or applying existing regulations to Web3, the opportunities and risks presented by blockchain technology must be considered. The same user activities can lead to different risks, necessitating different rules to achieve the same regulatory outcomes.

The CFTC appears to be the most capable of making progress in its next regulatory initiatives, as its actions align more closely with its legal authority and regulations. However, this does not excuse the agency from failing to establish a policy framework around decentralized derivatives. Promoting responsible innovation is a mandate written into the CFTC's responsibilities, yet the agency has clearly failed to fulfill this duty. The agency has the authority to review new approaches to the derivatives market and grant exemptions from existing rules, allowing for the safe adoption of innovation. This authority is crucial for consumer choice in participating in new technologies, as new technologies not only offer unique advantages but also mitigate different risks.