The CFTC's recent announcement of its settlement with a decentralized crypto protocol operator and its two individual founders, together with its complaint against the successor protocol, reflects a novel approach to liability in enforcement efforts in digital assets markets. The CFTC's order raises liability concerns for anyone holding or trading tokens representing membership in a decentralized autonomous organization (DAO) or founding a DAO. This includes tokens outside of those cryptocurrencies currently considered commodities or non-security tokens (e.g., Bitcoin) by the CFTC and SEC.

On September 22, 2022, the CFTC settled charges with bZeroX, LLC, creator and operator of the bZx Protocol (now known as the Ooki Protocol) and its two founders, Tom Bean and Kyle Kistner, for various violations of the Commodity Exchange Act and CFTC Regulations. The bZx Protocol facilitated trading in virtual currency pairs on a leveraged basis using smart contracts on the Ethereum blockchain, which, according to the CFTC, required bZeroX to register as a designated contract market (DCM) and as a futures commission merchant (FCM), which bZeroX did not do. The CFTC also alleged that bZeroX did not adopt a customer identification program (CIP) or conduct appropriate KYC, as would have been required of a registered FCM.

The substantive charges – i.e., facilitating leveraged transactions and soliciting such transactions without appropriate registration – are relatively straightforward allegations from a CFTC enforcement perspective. The novel aspect of the charges and its accompanying settlement, however, is the theory through which the CFTC imposed liability on the individual founders of bZeroX: as to the charges against Mr. Bean and Mr. Kistner, the CFTC's theory that they were "controlling persons" for purposes of CEA liability depended upon their membership, use of tokens, and voting in the DAO that ostensibly controlled the bZx Protocol.

According to the CFTC, in August 2021, bZeroX transferred control of the bZx Protocol to the "bZx DAO" (now known as the Ooki DAO), which allowed DAO token holders to vote on governance matters concerning the bZx Protocol. The CFTC apparently viewed this as a naked effort to avoid the agency's oversight, noting Mr. Kistner's public statement at the time of the DAO launch that the transfer of power was to "take all the steps possible to make sure that when regulators ask us to comply, that we have nothing we can really do because we've given it all to the community." OIP at 5. (Concurrent with the release of this settlement, the CFTC also filed charges in the Northern District of California against the Ooki DAO for parallel violations).

Prior to the DAO launch, Messrs. Bean and Kistner had controlled the bZx Protocol themselves as members of bZeroX, LLC – and after the DAO was in place, they, among other members of the DAO, had voting rights over the Protocol (and importantly, they did, in fact, vote on Ooki DAO proposals). From the CFTC's perspective, the Ooki DAO is an "unincorporated association" which violated the CEA through its role in the bZx Protocol – and Messrs. Bean and Kistner, as "members" of the DAO "who voted their Ooki Tokens to govern the Ooki DAO" (OIP at 11), are liable for the Ooki DAO's violations of the CEA and CFTC Regulations.

The CFTC's theory is untested, and notably relies on a thin thread of state case law holding members of unincorporated associations liable for the "debts" of such organizations. OIP at 11. In so doing, the CFTC attempts to fit the DAO into the commonly held federal view of an unincorporated association as a voluntary group of persons without a charter formed by mutual consent for the purpose of promoting a common objective.

Reflecting the tenuous nature of this theory, CFTC Commissioner Summer Mersinger issued a dissent from the settlement order, noting among other things that "this approach fail[s] to rely on any legal authority in the CEA, [and] it also does not rely on any case law relevant to this type of action." Commissioner Mersinger strongly criticized the "regulation by enforcement" represented by these charges, and also noted that the CFTC could have readily charged Messrs. Bean and Kistner under the existing standard for aiding-and-abetting liability explicitly provided by the CEA.

The CFTC's unprecedented approach in this case should raise serious concerns for anyone who holds and votes DAO tokens. While the CFTC is likely, as a practical matter, to reserve this strategy for the pursuit of charges against founders and others closely involved in such ventures (as were the individual respondents here), under the agency's theory, anyone who votes in a DAO could potentially be personally liable for regulatory violations of the DAO itself. But, as Commissioner Mersinger's dissent suggests, there are potential weaknesses to the CFTC's theory, which could be exposed should a similarly-situated respondent challenge such charges in court. Unfortunately, the present resolution through settlement does not provide any guidance as to the potential viability of such a defense – but future litigation over the federal court complaint may further illuminate these issues.