The US is a complicated patch-work of jurisdictions when it comes to laws. It has multiple regulatory bodies, multiple types of law (civil vs criminal, etc), multiple regulatory jurisdictions (state vs federal) and hefty debate on how the law is applied.
You apply the law in a few ways, first in the “letter of the law” way in which you apply a law only as written.
Second is in the “spirit of the law” way, where you try & apply the purpose of the law rather than the specific word.
This gets applied more in criminal cases. Today, joint charges from the CFTC and the DoJ were handed down to BitMex.
The CFTC is a regulator, like the SEC that handles commodities. It applies regulatory and civil penalties, but it itself does not pursue criminal action. It lets the DoJ handle that.
BitMex was charged by the CFTC as running an unlicensed commodities exchange which allowed US customers.
Just like dealing with the SEC, the ways the rules are written and applied, and the spirit of those rules in CFTC guidelines make it unclear if the regulation should apply to DeFi.
You see the SEC and CFTC laws were made as ‘consumer protections’ to prevent consumers trusting the wrong person and getting taken advantage of.
That’s part of why existing SEC cases have focused on fraud, promise of return or over centralized admin keys.
So the crypto community might be right that CFTC regulation may not apply to DeFi. That’s a grey area, because it could be argued the consumer is ‘safe’ in a limited sense.
But the CFTC charges would result in financial penalties. The much larger threat is the BSA.
The DOJ handles the prosecution of the BSA which includes criminal charges.
The Bank Secrecy Act does not have the goal of protecting consumers.
The Bank Secrecy Act has the goal of stopping money laundering.
Rather than things like the CFTC where the law roughly says “If you run an exchange you have to register with us so we can keep users safe”
The BSA essentially says “if you in anyway knowingly, purposefully or through failure to meet industry standards, support, enable, facilitate or profit from money laundering, we’re going to throw the book at you”
Now – many people presume there to be some sort of magical “peer-to-peer” exemption that exists in these laws.
I’m not sure where that myth comes from, it might be an oversimplification of understanding the SEC/CFTC limitations. But it doesn’t exist.
Proof of this is that the DOJ has pursued individuals on sites like localbitcoins and paxful with having been involved with facilitating money laundering or failing to comply with preventative measures.
The only litmus test here was “was this just an individual selling crypto one-time in small batches, or a systematic commercial operation” and you’d be surprised at how small that systematic operation can be for it to still count.
The only thing that the BSA cares about is not if you are in the US or if you are a corporate entity, it cares about are you a “financial agency” which can include a person, issuer, redeemer, exchanger, entity, depository trustee or agent, or a collection of such persons.
Note how a company isn’t relevant. The only thing that matters is do you make it easier for criminals in the US to exchange monetary instruments without applying the US standards of KYC/AML.
Now here, the crypto community will throw their arms up in a rallying cry “but you can’t shut down a contract”
No, you can’t but DAO or no DAO you can find that developers with admin keys, users who create front-ends, companies hiring individuals to work on the protocol and others who enable or profit from the contract, to be in violation on the BSA.
That can lead to seizing domain names and hosting servers, shutting down front-ends, and arresting developers.
If that happened to a protocol a large bulk of users would stop using it and not interact with the contract directly, essentially killing the protocol.
The take away here is that a protocol isn’t outside the reach of the government, there is always pressure points that can be applied.
While DeFi may be in a grey area with some regulation, it is clear that the BSA still applies.
And, we in crypto should want the goals of the BSA to apply. There is a difference between wanting sovereignty and privacy over your own funds vs enabling criminal activity.
I for one, have no interested in creating something that helps terrorists or human traffickers.
The challenge is, that right now we don’t know that middle ground, we don’t have the tech solution that balances asset privacy, defi and BSA compliance – but that doesn’t mean that it doesn’t apply (or that it is necessarily a bad thing).
It is dumb and archaic to try and apply outdated SEC and CFTC regulations to this industry, those need to evolve.
But its not dumb for regulators to want to prevent misuse of this technology.
They won’t turn a blind eye to Defi.
And while it will be hard for them to pursue (and won’t happen right away), they will find new tools and new pressure points to make sure the BSA is applied – and they’ve shown the long-arm that the US DOJ has.
DeFi needs to start planning BSA compliance or the exclusion of US users – because that day will likely come.