Keyword: Smart Contract

Getting Smarter: CFTC Publishes Smart Contracts Primer

The Commodity Futures Trading Commission (CFTC) has joined other agencies in explaining the crypto-related products potentially within its jurisdiction. LabCFTC recently released “A Primer on Smart Contracts” as part of LabCFTC’s effort to “engage with innovators and market participants on a range of financial technology (FinTech) topics.” (LabCFTC itself is a “dedicated function” of the CFTC, launched in 2017 to “make the CFTC more accessible to FinTech innovators.”) As summarized below, the Primer provides (i) a high-level overview of smart contract technology and applications, (ii) a discussion of the potential role of the CFTC in smart contract regulation and (iii) a discussion of the unique risks and governance challenges posed by smart contracts.

The Primer describes smart contracts, fundamentally, as coded computer functions that may either incorporate elements of a binding contract (e.g. offer, acceptance and consideration) or simply execute certain terms of an external contract. Smart contracts allow self-executing computer code to take actions at specified times or based on the occurrence or non-occurrence of an action or event. The Primer also notes that smart contracts can be stored and executed on a distributed ledger, which effectively prevents modifications not authorized or agreed by the parties. It describes distributed ledgers as electronic records that are updated in real time and intended to be maintained on geographically disperse servers or “nodes.” (Distributed ledger technology is the innovation underlying blockchains generally, including the bitcoin blockchain.) As an example of a smart contract in the derivatives context, the Primer describes a credit default swap encoded as a smart contract, whereby the code would (i) automatically make quarterly premium payments from an end-user to a dealer, (ii) check an external financial information source (known as an “oracle”) daily to monitor for credit events with respect to the relevant reference assets, and (iii) if the oracle indicates that a credit event has occurred, calculate and transfer payment from the dealer to the end-user. “Oracle” commonly refers to an external source of information, which the Primer describes as “a mutually agreed upon network authenticated reference data provider (potentially a third-party); this is a source of information to determine actions and/or contractual outcomes, for example, commodity prices, weather data, interest rates, or an event occurrence.”

Regarding the role of the CFTC in regulating smart contracts, the Primer does not state or suggest that the CFTC intends to impose any requirements that would be specific to smart contracts. Rather, noting that derivatives in many cases “may be readily digitized and coded,” the Primer then lists the following types of derivatives products that are subject to CFTC jurisdiction, and states that a given smart contract could constitute any one of them “[d]epending on its structure, operation, and relevant facts and circumstances”: commodities, forward contracts, futures contracts, options on futures contracts and swaps.

The Commodity Exchange Act and related CFTC regulations impose various requirements and restrictions on such transactions, depending on product type. A credit default swap based on a “broad-based” security index, for example, constitutes a “swap” and, as such, may implicate or be subject to swap dealer registration, clearing and execution, reporting and recordkeeping, and other CFTC requirements. Accordingly, absent further guidance or regulations from the CFTC specific to smart contracts, it appears that the Primer’s credit default swap smart contract example described above (assuming it was based on a broad-based security index) would be regulated by the CFTC as a swap, similar to an ordinary, non-smart contract credit default swap based on a broad-based security index. The Primer further clarifies that: “Existing law and regulation apply equally regardless what form a contract takes. Contracts or constituent parts of contracts that are written in code are subject to otherwise applicable law and regulation.”

The Primer also notes that, depending on their “application or product characterization,” smart contracts may be subject to various other legal frameworks, including, among others, federal and state securities laws and regulations; federal, state, and local tax laws and regulations; the Uniform Commercial Code (UCC), the Uniform Electronic Transactions Act (UETA), and the Electronic Signatures in Global and National Commerce Act (ESIGN Act); the Bank Secrecy Act; etc. Finally, the Primer discusses operational, technical, cyber security, and fraud and manipulation risks unique to smart contracts, as well as possible governance standards and frameworks (such as assigning responsibility for smart contract design and operation and establishing mechanisms for dispute resolution).

A Foreboding View of Smart Contract Developer Liability

At least one regulator is attempting to provide clarity regarding the potential liability of actors who violate regulations through the use of smart contracts. On October 16, 2018, Commissioner Brian Quintenz of the Commodity Futures Trading Commission explained his belief that smart contract developers can be held liable for aiding and abetting CFTC rule violations if it was reasonably foreseeable that U.S. persons could use the smart contract they created to violate CFTC rules. As is typical, the Commissioner spoke for himself, but it seems likely that his views reflect the CFTC’s philosophy.

Generally speaking, smart contracts are code-based, self-executing contractual provisions. Smart contracts that run on top of blockchain protocols, like ethereum, are increasingly being used by companies in a wide variety of businesses to create autonomous, decentralized applications. Some of these applications might run afoul of CFTC regulations if they have the features of swaps, futures, options, or other CFTC-regulated products, but do not comply with the requisite regulatory requirements. The fact that smart contracts support disintermediated markets – a departure from the market intermediaries traditionally regulated by the CFTC – does not change the CFTC’s ability to extend its jurisdiction to them.

To identify where culpability might lie, Commissioner Quintenz identified the parties he believes to be essential to the functioning of the smart contract blockchain ecosystem:

  1. the core developers of the blockchain software;
  2. the miners that validate transactions;
  3. the developers of the smart contract applications; and
  4. users of the smart contracts.

Commissioner Quintenz dismissed the core developers and the miners as potential culpable parties by reasoning that while they both play a vital role in creating or administering the underlying blockchain code, they have no involvement in creating the smart contracts. He also limited the possibility of the CFTC pursuing enforcement against individual users because, as he explained, although individual users are culpable for their actions, “going after users may be an unsatisfactory, ineffective course of action.”

That leaves the developers of the smart contract code. Commissioner Quintenz stated that to ascertain the culpability of the smart contract code developers, the “appropriate question is whether these code developers could reasonably foresee, at the time they created the code, that it would likely be used by U.S. persons in a manner violative of CFTC regulations.” If such a use is foreseeable, Commissioner Quintenz believes that a “strong case could be made that the code developers aided and abetted violations of CFTC regulations.”

Commissioner Quintenz expressed that he would much rather pursue engagement than enforcement, “but in the absence of engagement, enforcement is the only option.” The Commissioner recommended that smart contract developers engage and collaborate with the CFTC prior to releasing their code to ensure that the code will be compliant with the law. The Commissioner even suggested that the CFTC is willing to rethink its existing regulations or provide regulatory relief, depending on the technology in question.

As blockchain and smart contract technology matures, we expect decentralized and disintermediated applications to come to market in increasing volumes. In his speech, Commissioner Quintenz provided valuable insight into how one regulator is thinking about applying existing laws to this new market. His remarks will be especially valuable if they influence other regulators, such as the Securities and Exchange Commission or the Financial Crimes Enforcement Network, to take a similar approach.

EtherDelta Founder’s Settlement with the SEC Has Grim Implications for Smart Contract Developers

and

The SEC recently brought its first enforcement action against the creator of a “decentralized” digital token trading platform for operating as an unregistered national securities exchange, and in doing so joined the CFTC in putting a scare into smart contract developers.

On November 8, 2018, the SEC issued a cease-and-desist order settling charges against Zachary Coburn, the creator of EtherDelta, an online “decentralized” digital token trading platform running on the Ethereum blockchain. The SEC charged only Coburn, the individual who founded EtherDelta, but no longer owns or operates it. Note that the SEC press release states that the investigation is continuing.

The SEC announced its action against Coburn a month after a CFTC Commissioner stated in a speech that smart contract developers could be found liable for aiding and abetting violations of commodity futures laws. Both agencies appear to be putting smart contract developers on notice that by releasing code into the ether, they are inviting potential liability for any rule violations, even if they sever their connections with the code.

The SEC found that EtherDelta provides a marketplace to bring together buyers and sellers of digital tokens. The platform facilitates these transactions through the use of a smart contract, which carries out the responsibilities generally assumed by an intermediary: the smart contract validates the order messages, confirms the terms and conditions of orders, executes paired orders, and directs the distributed ledger to be updated to reflect a trade. The SEC employed a “functional test” to determine whether EtherDelta constitutes an exchange and to hold Coburn, who “wrote and deployed the EtherDelta smart contract . . . and exercised complete and sole control over EtherDelta’s operations,” responsible. As the Chief of the SEC’s cyber unit stated in the press release, “[w]hether it’s decentralized or not, whether it’s on smart contract or not, what matters is it’s an exchange.”

EtherDelta is one example of the innovation that smart contracts can facilitate. Innovation, however, is not a substitute for compliance. Indeed, in the SEC’s press release announcing the settlement, Co-Director of Enforcement Steven Peiken acknowledged that blockchain technology is ushering in significant innovation to the securities markets, but cautioned that “to protect investors, this innovation necessitates the SEC’s thoughtful oversight of digital markets and enforcement of existing laws.”

Significantly, the SEC found that certain transactions on the platform involved digital tokens that constitute securities, but declined to identify those tokens. Senior SEC officials have previously stated that ether is not a security, but this case shows that the SEC has not reached the same determination for all tokens issued on the Ethereum blockchain.