Regulating Tokenized Finance

The tokenized world of finance encompasses a wide range of products and services. This crypto world looks complicated to those most comfortable with the financial system inhabited by legacy institutions like commercial and investment banks, mutual funds, stock exchanges, and broker-dealers.

By tokenized, I am referring to financial products and services that are transferred between owners using some kind of distributed ledger blockchain payment and settlement system. Some believe these systems will develop into an important platform over which customers and business directly transact with one another quickly, cheaply, and over great distances by transferring some type of tokenized money between two internet addresses called “digital wallets.”

To some, the appeal of tokenized finance is its decentralized nature, meaning regular folks can transact and invest directly without the need for the services of a legacy financial intermediary. However, this idealized view belies the fact that tokenized finance has developed its own versions of legacy financial institutions like crypto asset exchanges, crypto custodians, and other service providers.

Some tokenized financial products, even those that trade on a distributed blockchain ledger, are controlled by an identifiable “central management structure” like legacy financial institutions. Private stablecoins that are backed by a managed portfolio of legacy reserve assets are just one example. These institutions are probably the easiest to accommodate into our existing regulatory regimes. Other so-called DeFi tokenized products and services are not organized and run like normal corporations and are more problematic for reasons I will discuss shortly.

Many tokenized products are designed to replace or replicate legacy financial products or services. Their developers often promise that these tokenized products and services will be better than old-school progenitors—faster, cheaper, safer, more private, more convenient—better.

In an open and competitive market, consumer preferences should eventually decide whether or not tokenized financial products are an improvement over legacy products. If tokenized finance offers better products, then they will eventually win the market competition unless something blocks their growth and adoption.

Those in the tokenized finance industry often argue the something stifling their industry are the government regulations that protect consumers and investors from market manipulation, fraud, and fiduciary mismanagement in the legacy financial system. The counterargument is that many of the benefits attributed to tokenized finance owe to regulatory arbitrage, meaning that many tokenized products may be cheaper, faster, or more convenient because they have skirted the regulations and safeguards that increase the cost and inconvenience of using legacy financial products and services.

Are Tokenized Products and Services Commodities, Securities, or Something Else?

Can tokenized finance be safe without all of the federal safety and soundness regulations that apply to legacy financial products? Are the consumer-investor protection laws and regulations that apply to legacy products and systems right for tokenized finance, or does regulation need to be modified to accommodate the unique features of tokenized financial products and services? If so, how?

Answering these questions is difficult in no small part because the legacy system of safety, soundness, and consumer protection laws and regulations in the US are themselves incredibly complicated. Many of these regulations are designed to prevent financial mismanagement, fraud, and market manipulation from threatening the safety of consumer savings, investments, and transactions intermediated by banks, asset exchanges, securities firms, and other financial intermediaries.

Some examples include: regular bank examinations; deposit insurance and the rules designed to safeguard the deposit insurance fund; limits on fraudulent credit card charges; limits on debit card interchange fees; state usury laws; financial statement audit rules; broker-dealer best execution rules; money market mutual fund asset quality and maturity rules; and SEC prospectus and disclosure requirements to name just a few.

As of today, in the US, tokenized products and related activities can be regulated under one or more federal and state regimes that apply to legacy financial products and services.

In general, US dollar stable coins are regulated under state laws that govern money transmission services like money remittances; the sale of stored value or prepaid cards; or selling payment instruments like money orders and traveler’s checks.

If a firm engages in any of these activities, it must be licensed as a money transmitter under state law unless it is an exempt institution. Banks are clearly in this business but are exempt institutions because they are otherwise regulated by state and federal supervisory agencies.

If a stablecoin pays interest or a dividend, the Securities Exchange Commission will likely designate it as a security and require it to comply with all SEC securities regulations.

Stablecoins and crypto asset exchanges are also subject to Bank Secrecy Act anti-money laundering and terrorism finance regulations unless the token is regulated by CFTC or the SEC.

But the regulatory environment for private stable coins is not a settled issue. The Biden administration has floated the idea of regulating private stable coins as banks, which would impose a host of new regulations and reporting requirements including regular examinations and a duty to comply with the Community Investment Act. Members of Congress have floated alternative ideas in legislation that would create a “federal stablecoin charter” that would involve less intrusive regulation than requiring stablecoins to be regulated as banks.

If a tokenized asset is deemed to be a security or an investment contract, it must register with the SEC and comply with all existing laws and regulations that apply to registered securities. The U.S. Supreme Court’s Howey case and subsequent case law have found that an investment contract exists when there is the investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others.

Without new legislation clarifying the regulation of tokenized financial products and services, the industry may have to run a similar gauntlet of tens of thousands of pages of regulations and legal rulings.

According to the SEC, if an offer and sale of a digital asset must be purchased or otherwise acquired in an exchange for value, whether in the form of fiat currency, another tokenized asset, or another type of consideration, it meets one of the criteria needed to legally be classified as a security.

The SEC believes investments in digital assets are investments in a common enterprise because the fortunes of digital asset purchasers have been linked to each other or to the success of the promoter’s efforts.

The SEC argues that a purchaser has a reasonable expectation of profits or other financial returns derived from the efforts of others if the purchaser expects to receive valuable distributions or realize appreciation on the asset by selling at a gain in a secondary market; or, a promoter, sponsor, or other third party provides essential managerial efforts that affect the success of the enterprise, and investors reasonably expect to derive profit from these efforts.

The SEC has publically posted a document that provides more detail on its current interpretation of the laws and legal precedents that ultimately determine whether a tokenized asset is a security.

If the SEC is successful in designating a tokenized financial product as a security, the product becomes subject to a host of SEC disclosure, audit, trading, and clearing and settlement rules—some of which are not well-aligned with the technology of tokenized financial products and trading mechanisms.

For example, if a token is deemed to be a security, it must routinely disclose information relating to the essential managerial efforts that affect the success of the enterprise. This rule is designed to reduce information asymmetries between insiders and investors that would otherwise disadvantage investors.

The problem posed by this requirement for tokens that are truly decentralized financial products and services, or so-called DiFi tokens, is that these endeavors are merely a collection of computer code that can be executed on a compatible distributed blockchain ledger. True DiFi financial products and services do not have balance sheets, income statements, or a management, and they are often executable on unaffiliated blockchain ledgers which are designed to accept and execute programming code that runs “smart contracts” built by independent DiFi developers.

Some in the crypto industry argue that smart contracts and tokenized financial payments are the next steps in the evolution of the internet. The so-called web 3.0 will enable humans and machines to interact in new ways using tokenized currency. For example, your next refrigerator may be able to execute a smart contract to monitor its contents, compare them with a list of items you specify, and automatically order from your favorite grocer, who delivers the goods to your door. Your refrigerator will likely have to pay for the order with a tokenized currency, not only because developers think in terms of public ledger payment systems when designing smart contracts, but because bank and card payment systems are not so easily interfaced with the internet.

DiFi smart contract products are designed and built by developers, but once the code is written and executable on a public ledger, the original developers may no longer have any duty or ability to manage or safeguard the DiFi code they developed. In many cases, the ability to subsequently alter the DiFi code after its initial launch is vested in the DiFi’s token holders through an explicit voting protocol built into the DiFi contract itself. Once it is launched, a DiFi smart contract may not be controlled by its initial developers. However, it is also possible that the developers maintain sufficient tokens to control the DiFi contract in which case the SEC would likely argue that the developers were actually the DiFi’s management. Even if a DiFi smart contract arguably has a management, the DiFi product may still not have a balance sheet or income statement of its own making it difficult if not impossible to comply with current SEC regulations.

If a tokenized asset is deemed to be a commodity, it is regulated by the Commodity Futures Trading Commission. The CFTC regulates commodities, futures, options on futures, swaps on commodities or commodity transactions, institutions involved in these activities, and the trading processes. The CFTC polices against market manipulation in the spot markets that underlie the derivative products and courts have ruled it can take enforcement actions over virtual currency fraud even where no derivatives are present.

The CFTC currently considers Bitcoin and Ether to be commodities and regulates exchanges that trade futures or options contracts on these tokens. It also prosecutes alleged market manipulation in the spot Bitcoin and Ether markets.

Longstanding civil laws can also be used to prosecute criminal fraud including specialized FIERRA laws that apply when the fraud is committed against covered financial institutions. However, unlike safety and soundness regulations that attempt to prevent misappropriations from occurring, prosecution occurs only after fraud is identified. Recoveries take time and victims are rarely made whole. For example, as recently as September 2021, the Department of Justice made recovery payouts to victims of the Madoff Ponzi scheme even though Bernie Madoff was arrested in 2008.

Several statutes can be important in prosecuting frauds perpetrated using crypto tokens. There are relevant federal statutes against organized unlicensed gambling and fraud that use the postal service or electronic communications. Several enforcement actions have successfully prosecuted crypto assets as Ponzi schemes. But again, this type of consumer protection takes place after the fraud has been committed and is time-consuming and expensive.

If this sounds complicated, that is because it is. The regulatory regime that applies to legacy financial products has evolved to include tens of thousands of pages of regulations and legal rulings that represent compromises among six or more separate independent federal regulatory agencies, 50 or more state regulatory agencies, and several powerful Congressional Committees—all with competing self-interests. Without new legislation clarifying the regulation of tokenized financial products and services, the industry may have to run a similar gauntlet.