Peter Van Valkenburg has written an op-ed titled “There’s no such thing as a decentralized exchange” that suggests the term “decentralized exchange (DEX)” is overused as a noun and recommends that people instead rephrase the term as a verb. Valkenburg hopes to make the focus less on an entity, but more about the software tool that enables exchanges to occur. Valkenburg suggests that using DEX as a noun indicates there is still an entity involved in the exchange process and that may attract some scrutiny from regulators. He then goes on to discuss a DEX with respect to the following three categories of regulation and law: 1) financial surveillance 2) securities law and 3) the constitution. It’s true that smart contract software can enable peer-to-peer exchanges, but what about the decentralized companies or organizations that are often behind the business or software?
DEX As Software And A Business
Bank Secrecy Act
Valkenburg first discusses the 1970 Bank Secrecy Act that require financial institutions and businesses to keep track of customer identity under know your customer (KYC) and anti-money laundering (AML) procedures. Valkenburg contends these regulations only apply to institutions that custody and control other people’s cryptocurrencies and brings up the analogy between a bank and a bank safe. It’s quite clear a manufacturer of a bank safe has no obligation to implement KYC/AML procedures.
However, many decentralized finance (DeFi) organizations have traditional legal entities that produce the software and sometimes earn a profit from the smart contract software. Oftentimes there is a virtual organization or decentralized autonomous organization (DAO) with a token and governance behind the software (eg. MakerDAO, Uniswap, Yearn). Would KYC/AML apply to these virtual organizations that don’t even have a place to store customer identity in the first place? Because these decentralized protocols don’t have a legal jurisdiction it may be difficult for regulators to go after these businesses, but would they go after individuals that are known to be affiliated with the business such as they did with Arthur Hayes at BitMex? It would seem an extremely unreasonable burden and antithetical to require a DAO to have to implement any identity policy on an open and permissionless blockchain platform. It seems incredibly important to defend individuals like Arthur Hayes against such unfair and aggressive actions by the DoJ and perhaps challenge KYC/AML policies as unconstitutional altogether.
Valkenburg discusses the second major regulatory concern for cryptocurrency exchange startups: the SEC. According to Valkenburg “tokens that do not have an issuer upon whom token-holders rely for an expectation of future profits are not securities, and those that do are securities.” He describes the difference between Bitcoin, tokens that depend on an issuer to deliver a future network and a network that already exists. Valkenburg contends that an exchange company that allows unregulated tokens to trade on its exchange may be liable under securities law. A good example is EtherDelta, a company that built a smart contract that allowed people to make exchanges for any token freely. The SEC went after the owner Zachary Coburn of EtherDelta and he settled with the SEC. Again what about an exchange governed by a DAO with participants around the world and with no legal jurisdiction? Because regulators can go after individuals the safest option may be to conduct business outside the US.
Valkenburg next discusses Constitutional defenses against regulators including freedom of speech under the First Amendment & warrantless search and seizure under the Fourth Amendment. Valkenburg suggests if someone is developing or creating software there may be strong constitutional protections, but if the person is hosting a website, collecting fees or advocating illegal usage that could be problematic. One interesting point Valkenburg mentions is the idea that the government cannot put a ‘prior restraint’ on speech. For example, “If a developer is told that she must include a surveillance or “know your customer” tool (or backdoor) in her decentralized exchange software, this could be challenged as unconstitutional compelled speech.” Furthermore he states “if a developer is compelled to include surveillance tools in her decentralized exchange software, that mandate can be challenged as an unconstitutional warrantless search in contravention of the Fourth Amendment’s warrant requirement.” Valkenburg also ends with an important point that the reason why the Bank Secrecy Act might be considered constitutional is because people lose their rights to privacy when they give their info ‘voluntarily’ to a third-party financial institution. Although developing smart contracts may be safe, if there is a governance token for a virtual organization or DAO, regulators may go after individuals who participate in the the DAO. It will be interesting to see how far they would go to regulate those who are key stakeholders in a DAO. Another constitutional challenge that Valkenburg did not discuss was that KYC/AML policies altogether may be outside the enumerated powers of Congress as I discussed before in the commentary regarding BitMex and Arthur Hayes.
The key question about decentralized exchange businesses is not so much about the smart contract software as a tool, but the governance token and DAOs that often complement it to organize a business. A virtual organization may be considered an entity even though it doesn’t have a legal jurisdiction. How far will the US government go to regulate these DAOs and will they go after key individuals? How could the government compel KYC/AML on an open and permissionless blockchain? For now it may be much safer for startups to build their crypto business outside the US.