Smart Contracts That Violate the Commodity Exchange Act: What Parties Are Liable?


In recent years, the U.S. Commodity Futures Trading Commission (CFTC) has devoted significant resources to addressing how the requirements of the Commodity Exchange Act (CEA) and the regulations thereunder apply to transactions involving Bitcoin and other virtual currencies.[1] The CFTC has not adopted any rules specific to virtual currencies, but rather has made clear that derivatives contracts based on a virtual currency are subject generally to the same CFTC regulations that apply to other types of derivatives contracts that have traditionally been within the CFTC’s jurisdiction.[2] Additionally, the CFTC has noted that derivatives contracts are susceptible to automation through smart contracts and distributed ledger technology (DLT) and “[e]xisting law and regulation apply equally regardless what form a contract takes . . . [even to] contracts [or parts of contracts] that are written in code[.]”[3]

Despite the CFTC’s focus on virtual currencies and DLT, however, the CFTC, to date, has not directly addressed how liability for CEA violations involving DLT should be allocated among the various parties involved in a distributed ledger network, such as the network itself, persons running consensus nodes, developers building applications on the platform, and businesses and end users using such applications. Questions regarding the allocation of liability may become increasingly pressing with the proliferation of smart contracts that potentially violate the CEA. As discussed below, such smart contracts may expose a broader range of parties involved in the network to liability than would, for example, a non-smart (i.e., not represented or executed by code) option contract with Bitcoin as the underlying commodity.[4] In the case of such a non-smart contract, the counterparties may be exposed to liability in connection with any CEA violations, but it is not likely that other parties involved in the Bitcoin blockchain, such as developers of the underlying network code or nodes, would be exposed to liability.

In a recent speech, CFTC Commissioner Brian Quintenz acknowledged that the allocation of liability in connection with distributed ledger networks and smart contracts remains an open question and offered his own general view on the issue, possibly giving an indication of the CFTC’s future approach. In relevant part, Commissioner Quintenz stated:

One could look to the core developers of the underlying blockchain code. Without this foundational code, the smart contracts could never be executed. However, these core developers had no involvement in the development of the smart contract code. They invented a code upon which any number of applications can run and, in my view, it seems unreasonable to hold them accountable for every subsequent application that uses their underlying technology, without further evidence of knowledge or intent. They may not even be aware that this particular type of smart contract has been deployed.

Similarly, miners and general users of the blockchain are not in a position to know and assess the legality of each particular application on the blockchain. The anonymous, decentralized nature of the chain makes it difficult or even impossible for miners and users to monitor the activity of other miners and users.

That leaves us with the developers of the smart contract code that underlies these event contracts, as well as the individual users who then use that code to create and wager on their own event contracts. The developers of the code could claim that they merely created the protocol and therefore have no control over whether and how users choose to use it once it is part of the public domain. They would place the liability on the individual users, who are the actual creators and counterparties of the event contracts.

In my view, this analysis misses the mark. Instead, I think the appropriate question is whether these code developers could reasonably foresee, at the time they created the code, that it would likely be used by U.S. persons in a manner violative of CFTC regulations. In [the hypothetical being addressed by Commissioner Quintenz], the code was specifically designed to enable the precise type of activity regulated by the CFTC, and no effort was made to preclude its availability to U.S. persons. Under these facts, I think a strong case could be made that the code developers aided and abetted violations of CFTC regulations. As such, the CFTC could prosecute those individuals for wrongdoing.

Think of someone asking you to borrow the keys to your car because they want to rob a bank. If you let them borrow your car, it would be reasonable for the government to hold you partially responsible for the ensuing criminal activity. However, it would be unreasonable for the government to prosecute the car manufacturer.[5]

To the extent that this passage provides insight on the future approach that the CFTC will take with respect to this issue, it suggests that the CFTC may adopt a foreseeability standard in determining the liability of parties involved in smart contracts and other DLT transactions that violate the CEA. It is possible that any forseeability or other standard that the CFTC develops over time could, depending on the facts and circumstances, also impose liability on parties ranging from the developers of the underlying network to parties maintaining and making available libraries of smart contract code and others. This risk may be more acute to the extent a person either is actively involved in arranging or facilitating the conduct at issue or collects fees in connection with its involvement in a smart contract or related transaction that violates the CEA, if the CFTC were to view such a party as being intimately associated with, or profiting from, violations of the CEA.

In recent remarks, Commissioner Quintenz referred to the above speech and elaborated on the foreseeability standard that it seemed to envision.[6] In particular, the Commissioner stated that the key determination is intent on the part of developers, especially as evidenced by (i) any modification to code that enhances unlawful activity, (ii) promotion of unlawful activity through a website or marketing materials, (iii) any financial stake in unlawful activity and (iv) whether code is narrowly designed for an unlawful purpose rather than broadly designed for legal purposes. He clarified, however, that these factors should not be viewed as exhaustive, or as independent, dispositive tests for liability. On determining intent, the Commissioner also cautioned that, “[t]he more a code is narrowly tailored to achieve a particular end, the more it appears as if it was intentionally designed to achieve that end.”[7]

Notably, the CFTC recently issued a Request for Input “in order to better inform the [CFTC’s] understanding of the technology, mechanics and markets for virtual currencies beyond Bitcoin, namely here Ether and its use on the Ethereum Network.”[8] The CFTC’s focus on Ethereum suggests that the CFTC may, in time, provide clarity regarding the question of allocation of liability, given that Ethereum, unlike the Bitcoin blockchain (on which the CFTC seems to have been most focused to date), is a programmable ledger. Until that time, however, DLT innovators, especially in the smart contracts space, may continue to be confronted with uncertainty regarding potential liability under the CEA.

[1] The CFTC’s efforts in this respect include, among other things, bringing various enforcement actions in connection with virtual currency-related transactions, issuing a proposed rule regarding the meaning of actual delivery within the context of retail commodity transactions in virtual currency, and issuing “primers” regarding virtual currency-related and smart contract-related issues.

[2] More fundamentally, the CFTC generally regulates derivative contracts in any “commodity,” as defined under the CEA, and the CFTC has stated in various pronouncements that Bitcoin and other virtual currencies constitute commodities. See, e.g., In re Coinflip, Inc., CFTC Docket No. 15-29, at 3 (Sept. 17, 2015).

[3] A Primer on Smart Contracts, CFTC (November 27, 2018) (available at:

[4] The CFTC has yet to bring any enforcement action in connection with smart contracts or other DLT applications that might illuminate the question of allocation of liability. Rather, virtual currency-related CFTC enforcement actions have focused on CEA violations such as the following: operating a Bitcoin options trading platform without registering as a swap execution facility (SEF) or designated contract market; a registered SEF platform failing to enforce prohibitions on wash trading and prearranged trading in connection with Bitcoin non-deliverable forward contracts; offering illegal off-exchange financed retail commodity transactions in Bitcoin and other virtual currencies; fraud and misappropriation in connection with solicited virtual currency-related investments and virtual currency-related derivatives; and ponzi schemes involving virtual currencies and virtual currency derivatives.

[5] Remarks of Commissioner Brian Quintenz at the 38th Annual GITEX Technology Week Conference (October 16, 2018) (available at: (emphasis added and footnotes omitted).

[6] How the CFTC Can Take a Pro-Innovation Posture While Maintaining Orderly Markets, Coindesk (February 12, 2019) (available at:

[7] Id.

[8] Request for Input on Crypto-Asset Mechanics and Markets, 83 Fed. Reg. 64563 (December 17, 2018).