VOTER BEWARE! Personal Liability for DAO Token Holders for Voting?
September 28, 2022
By Eric Sibbitt, Michael Spafford, Lisa Rubin, Gabriel Khoury & Camille Yona
New CFTC Action has Significant Implications for DAO Participation and Structures
Decentralized Autonomous Organizations (“DAOs”) provide a new way for individuals across the globe to use blockchain technology to pool resources, collaborate, and otherwise interact in a more participatory, fluid and decentralized manner than traditional corporate entities. A new CFTC order, however, carries significant potential implications for DAO structures and participation by suggesting that voting alone is enough for personal liability for the actions of a DAO.
On September 22nd, the CFTC settled charges against bZeroX, LLC, which created and operated a decentralized blockchain-based software protocol (bZx Protocol) that subsequently was transferred to the bZx DAO, and its two founders allegedly for: (1) offering leveraged and margined retail commodity transactions in digital assets; (2) engaging in activities only registered futures commission merchants can perform; and (3) failing to adopt a customer identification program as part of a Bank Secrecy Act compliance program, as required of futures commission merchants. Simultaneously, the CFTC filed a federal civil enforcement action in the U.S. District Court for the Northern District of California, charging the Ooki DAO, the successor to the bZx DAO, with violating the same laws as bZeroX and seeking restitution, disgorgement, civil monetary penalties, trading and registration bans, and injunctions against further violations.
The CFTC stated that bZeroX and its founders “designed, deployed, marketed and made solicitations” concerning a blockchain-based software protocol that allowed users to contribute margin to open leveraged positions whose value is determined by the price difference between two virtual currencies in a way that was advertised to be decentralized. The CFTC reasoned that this fact enabled the blockchain protocol to function “similarly to a trading platform” by permitting users to contribute collateral to open leveraged positions whose ultimate value was determined by the price difference between two digital assets from the time the position was established to the time it was closed.
The CFTC determined that the bZx DAO, which controlled and operated the bZx Protocol, and its successor the Ooki DAO, which controlled and operated the Ooki Protocol, solicited and executed illegal off-exchange retail transactions with U.S. customers involving “leveraged positions whose value was determined by the price difference between two digital assets.” Leveraged retail U.S. commodity transactions not delivered within 28 days must be transacted on or subject to the rules of a designated contract market. The CFTC’s exercise of enforcement authority over what it considers to be leveraged retail transactions occurring within the U.S. or involving U.S. residents is not particularly new. Neither is applying liability against persons deemed to be control persons (in this case the co-founders and owners of the initial corporate entity, which allegedly operated the protocol and DAO). The CFTC also indicated that the founders announced that the Ooki DAO was set up to avoid regulatory oversight.
What is potentially more far-reaching is the suggestion that holding and voting DAO tokens was in and of itself a sufficient basis for personal liability for the actions of the DAO. In connection with the settlement, bZeroX agreed to civil monetary penalties not only for the action of the corporation they owned, but also for the purported illegal actions of the Ooki DAO because as Ooki Token holders they voted on governance issues.
The CFTC’s Reasoning for Imposing Liability
The CFTC determined that the Ooki DAO meets the federal definition of a for-profit unincorporated association and applied state partnership law to determine that members of an unincorporated association organized for profit are personally liable for its debts. The CFTC then concluded that because DAO members are personally liable for debts of a for-profit unincorporated association, they are personally liable for Commodity Exchange Act (CEA) violations without expounding upon the basis for that conclusion in the order. In particular, the CFTC found that.
- The Ooki DAO is a “voluntary group of persons” consisting of those token holders who voluntarily vote with their tokens on governance matters.
- There is no corporate charter or legal entity structure that exists.
- The DAO is “formed by mutual consent for the purpose of promoting a common objective” because the token holders voluntarily vote for the purpose of promoting the common objective of governing the Ooki Protocol. For example, a proposal was granted with 91 million OOKI tokens voting “yes” to modify OOKI reward structures. Another Ooki proposal to hire a new community manager passed with 77 million OOKI tokens votes. The Ooki DAO is thus an unincorporated association of token holders voting their tokens, according to the CFTC.
- The DAO is “for-profit” because it charges fees for its products and services, generates revenue, distributes revenue to its members in various forms, offers ownership rights in the Ooki DAO in the form of Ooki Tokens, collects and liquidates collateral from users, and has never sought to be characterized as a non-profit organization in any federal or state registration or tax filing.
The CFTC held that once a token holder votes its tokens to affect the outcome of a DAO governance vote, that person has voluntarily participated in the association formed to promote the common objective of governing the protocol and thus is a member of the Ooki DAO unincorporated association. Although only the founders were found personally liable for Ooki DAO’s violation of laws, the CFTC leaves the door open for future enforcement actions potentially holding all DAO voting members personally liable, not just its founders.
The enforcement order is part of a negotiated settlement, does not reflect a judicial determination, and is not without dissenting legal views. Commissioner Summer K. Mersinger issued a dissenting opinion because the CFTC order “arbitrarily” defines an unincorporated association as token holders who exercise their voting rights (as opposed to those who do not vote) and may have the chilling effect of discouraging voting participation, which could undermine proper governance and compliance.
Commissioner Mersinger agreed that an association (like a DAO) is subject to the CEA, but disagreed that personal liability of DAO members may be based, “on a State-law doctrine that members of a for-profit unincorporated association are jointly and severally liable for the debts of that association.” The Commissioner argued that a federal enforcement action seeking civil money penalties is not collecting debts and should be based on the CEA, not state law. The Commissioner expressed the view that the facts were already sufficient to support liability for the founders under CEA Section 13(a) because they set in motion the Ooki DAO’s CEA violations by setting up the Ooki Protocol in the same purportedly illegal manner as the prior bZx Protocol.
The settlement did not resolve all claims relating to the Ooki Protocol and Ooki Dao, and litigation is pending which may address the liability of the Ooki DAO’s operation of the Ooki Protocol and define the scope of CFTC authority over decentralized entities.
Considerations for DAOs
Even prior to the action, some DAOs without formal entity structures faced the risk of being characterized as unincorporated associations with potential liability for the actions of the DAO and other DAO members. There is a wide range of approaches to DAOs, with some implementing a variety of onshore and offshore for-profit and non-profit entities. Additionally, some implement contractual arrangements, operational guidelines, and restrictions to enable the governance and operational objectives of a DAO community and to address regulatory compliance.
In light of the potential risks, there are a number of considerations that DAO participants may wish to evaluate, including the following:
- Incorporation and Formal Governance Structures. Incorporating or registering all or portions of the DAO into established formal legal entity structures, including traditional LLCs, stock and non-stock corporations, recently enacted corporate forms in states such as Wyoming oriented toward DAOs, and non-U.S. foundation and other structures.
- Individual Protections. Individual DAO members may incorporate their own personal LLCs or other corporate entities and observe the proper corporate formalities to seek to provide individual liability protections.
- Global Footprint. Consider the U.S. and non-U.S. footprint of a particular DAO community and whether domestic or foreign entity or hybrid structures, best reflect the desired organizational and operational profile of a particular project.
- For-Profit or Non-Profit? Consider whether the DAO has for-profit or not-for-profit or hybrid objectives, and whether the DAO or components of the DAO are best organized as for-profit or non-profit entities for corporate or tax purposes.
- U.S. Nexus. Understand that regardless of the structure of a DAO, U.S. regulators are most concerned with how a DAO’s activities may implicate U.S. persons, U.S. based activities or U.S. regulatory objectives.
- Corporate Formalities. Strictly adhere to the proper corporate formalities of the DAO structure to maximize the likelihood that the corporate forms are respected.
- DAO Guidelines. Although DAOs often operate more informally with fluid and evolving interactions, it may be prudent for DAOs to consider more formal and transparent guidelines on governance, operations, communications policies, restrictions on operations in certain geographies, KYC and AML compliance components, and other rules of the road to mitigate potential liabilities, as may be applicable to a particular DAO community.
- Ongoing Liability. Understand that notwithstanding the good faith efforts of a DAO community, there may be a risk that the CFTC or other regulators, such as the SEC, could nonetheless seek to continue to adopt similar theories to hold DAO members personally liable.
- Application of Existing Law to DAOs Remains Unsettled. Understand that while the most extreme potential implications of this action may be alarming, the action is a regulatory settlement and does not reflect a final determination in court and a court’s determinations are specific to the facts and circumstances of a particular case. There is a separate pending action against the DAO, and the outcome of that litigation may define CEA authority more authoritatively.
There is no single structure appropriate for all DAOs. Establishing new DAO structures or evolving existing ones necessitates analysis and implementation of the facts and intentions specific to each DAO. Additionally, it is important to evaluate how existing and new legal requirements in the CFTC order will be applied to DAOs.