This post was written by Urszula McCormack, Richard Mertl, Leonie Tear and Jack Nelson
Combine a smart contract with a website interface and you can easily create a decentralised exchange for trading digital tokens or other virtual assets (a “DEx”).
But what if the virtual assets that your DEx trades are securities?
Earlier this month, the United States Securities and Exchange Commission (“SEC”) announced its first enforcement action against the founder of a DEx. The charge? Operating an unregistered securities exchange.
This post outlines the key things you should know about DExes, and the regulatory concerns that have emerged. But first …
On 8 November 2018, the SEC instituted cease and desist proceedings against Zachary Coburn (“Coburn”) in relation to a DEx that Coburn had founded called “EtherDelta”. The SEC accepted a settlement offer from Coburn in relation to the proceedings, the terms of which formed the substance of an order (the “EtherDelta Order”) – to cease and desist violating US securities laws, to disgorge USD313,000 in profits gained through wrongful conduct and to pay a civil penalty of USD75,000.
A key issue for the SEC was that users of EtherDelta (“Users”) could buy or sell any token that was ERC20 compliant – there are no rules in the DEx smart contract that limit a User from trading any particular ERC20 token on EtherDelta.
In its 2017 report on decentralised autonomous organisations (the “DAO Report”), the SEC had previously stated:
a platform that offers trading of digital assets that are securities and operates as an “exchange,” as defined by the federal securities laws, must register with the [SEC] as a national securities exchange or be exempt from registration.
The SEC’s investigation into EtherDelta found that more than “3.6 million buy and sell orders in ERC20 tokens” on EtherDelta had included “securities” as defined in US securities laws. In the SEC’s eyes, this made EtherDelta a national securities exchange.
A DEx looks a lot like a traditional exchange …
The SEC’s action emphasised that the EtherDelta DEx functionally looks and operates a lot like a conventional exchange (and should be regulated accordingly). As the Co-Director of the SEC’s Enforcement Division said:
EtherDelta had both the user interface and underlying functionality of an online national securities exchange.
A DEx might also include customer service representatives, and allow users access to a variety of market information. The real difference between a DEx and a conventional exchange is that the DEx relies, in whole or in part, on smart contracts.
… but functions very differently
“Smart contracts” are computerised transaction protocols that can be coded, deployed and executed on a distributed ledger, such as the Ethereum blockchain (“Ethereum Blockchain”) – see our primers on Ethereum and smart contracts.
In relation to EtherDelta, the EtherDelta Order states:
On July 8, 2016, Coburn deployed the code for the first EtherDelta smart contract, written in the programming language Solidity, onto the Ethereum Blockchain. When it was deployed, the EtherDelta smart contract created an Ethereum Blockchain address, where the smart contract ‘resides.’
The Ethereum Blockchain is publicly viewable, and we can find the code for the EtherDelta smart contract here. Looking at this code, there are two key things to note about the EtherDelta smart contract that are illustrative of DExes in general:
The novel feature of the EtherDelta platform, as contrasted to a conventional digital “alternative trading system”, is that the EtherDelta platform facilitates decentralised peer-to-peer settlement of trades.
Unlike a traditional omnibus account, there is no single person who controls the ETH or ERC20 tokens held in the EtherDelta smart contract. Control is left to the Users, who can withdraw or deposit their tokens into the EtherDelta smart contract at any time, subject to the terms imposed by the smart contract protocol. There is no third party approval required for withdrawal or deposit. In addition, when a “taker” accepts a “maker offer” through the EtherDelta order book, the EtherDelta smart contract protocol will assure that the trade automatically settles directly between the “maker” and the “taker”, without the need for any broker, dealer, custodian or other third-party intermediary to facilitate the process.
EtherDelta only accepts “ETH” (the native virtual asset of the Ethereum Blockchain) or ERC20 tokens for trading. In order to trade through EtherDelta, users need to send ETH or ERC20 tokens to the EtherDelta smart contract. All ETH and ERC20 tokens are pooled within the EtherDelta smart contract, but with each User’s account recorded separately by the smart contract.
In contrast to the peer-to-peer settlement system described above, the EtherDelta order book is maintained “the old fashioned way” – that is, through a centralised internet server controlled by EtherDelta. When a “taker” accepts a “maker” offer through the order book, this server in turn interfaces with the EtherDelta smart contract to trigger the peer-to-peer trade settlement process controlled by the smart contract.
An important reason for hosting the order book on a centralised server, rather than the Ethereum Blockchain, is to lower the cost of trading on the system, and therefore incentivise greater trading volume. Attempting to operate the order book on the Ethereum Blockchain would be much more costly than operating just the settlement leg of each trade on the Ethereum Blockchain, because if the order book were also deployed on the Ethereum Blockchain, each “maker” offer would need to be recorded to the blockchain, and each such recording would incur a transaction “mining” fee payable in ETH. EtherDelta is able to keep trading costs low and “maker” offer volume high by processing all order placement activity on its centralised server and processing only actual trades on the Ethereum Blockchain.
Bringing this together, to place an offer to buy or sell a certain quantity of a certain ERC20 token (an “offer”), a “maker” User would …
- fund the EtherDelta smart contract with ETH or ERC20 tokens; and
- create and digitally sign an order on the Ethereum Blockchain, referencing the funds that the User holds in EtherDelta smart contract, and send it to the EtherDelta order book.
When a “taker” User wants to accept a valid offer, they would …
- fund the EtherDelta smart contract with ETH or ERC20 tokens (as specified in the buy order);
- select the desired offer from EtherDelta order book; and
- send it to the EtherDelta smart contract.
The EtherDelta smart contract would then automatically confirm that the offer is valid, and if it is, update each User’s funds held in the EtherDelta smart contract in accordance with that offer.
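The following is an added sketch of the maker and taker flow described above. It is not EtherDelta's contract code: the `Settlement` class, its field names and its checks are hypothetical, and HMAC with constructed per-user keys stands in for the Ethereum signature a real User would produce. It shows why settlement has to re-validate whatever the centralised order book hands it (signature, expiry, fill amount, both balances) before any funds move.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed per-user signing keys. HMAC is a stand-in (assumption) for the
# Ethereum signature a real maker would create with a private key.
KEYS = {"maker": b"maker-key", "taker": b"taker-key"}

def order_hash(o):
    fields = (o["maker"], o["give_token"], o["give_amt"],
              o["get_token"], o["get_amt"], o["expires"], o["nonce"])
    return hashlib.sha256(repr(fields).encode()).digest()

def sign_order(o):
    """Maker side: sign the order before posting it to the order book."""
    return hmac.new(KEYS[o["maker"]], order_hash(o), hashlib.sha256).digest()

class Settlement:
    """Hypothetical settlement model: pooled funds, per-User balances."""
    def __init__(self):
        self.balances = defaultdict(int)  # (token, user) -> amount
        self.filled = defaultdict(int)    # order hash -> get_token units filled
        self.block = 0                    # current block number

    def deposit(self, user, token, amount):
        self.balances[(token, user)] += amount

    def trade(self, o, sig, taker, amount):
        """Taker submits an order taken from the order book (amount in get_token)."""
        h = order_hash(o)
        expected = hmac.new(KEYS[o["maker"]], h, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return "bad signature"        # order altered after the maker signed it
        if self.block > o["expires"]:
            return "expired"
        if amount <= 0 or self.filled[h] + amount > o["get_amt"]:
            return "overfill"             # blocks replaying a fully filled order
        give = o["give_amt"] * amount // o["get_amt"]
        if self.balances[(o["get_token"], taker)] < amount:
            return "taker underfunded"
        if self.balances[(o["give_token"], o["maker"])] < give:
            return "maker underfunded"
        self.balances[(o["get_token"], taker)] -= amount
        self.balances[(o["get_token"], o["maker"])] += amount
        self.balances[(o["give_token"], o["maker"])] -= give
        self.balances[(o["give_token"], taker)] += give
        self.filled[h] += amount
        return "settled"
```
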
Of course, this all takes place “behind the scenes”: Users interact with the EtherDelta smart contract through the EtherDelta website. While it is possible to interface directly with the EtherDelta smart contract, most users would do so through this website for ease of use.
The chart below gives a high-level overview of how the various flows work within EtherDelta:
We believe there are three key takeaways from the EtherDelta Order:
1. Software developers are at risk.
Developing software might not put you in the driver’s seat to direct all of its possible uses, but the closer you are to the action, the more likely you are to be at risk of liability for unlawful activities that use that software.
In particular, persons who deploy, promote, manage and earn revenue from smart contracts may be considered by regulators to operate those smart contracts – with the consequence that they then become liable for what occurs via those smart contracts.
It’s therefore critical to understand your exposure and act with caution.
2. Decentralisation does not mean no responsibility.
This is a common misconception.
While decentralisation can make enforcement more complex, it does not circumvent it. Based on our observations, we believe that the SEC is gearing up for more rigorous regulatory scrutiny of digital token transactions.
For example, in the DAO Report the SEC signalled that decentralised autonomous organisations were not beyond its reach, and also recently reiterated this key message in this statement.
Furthermore, we sense a general heightened awareness and caution regarding regulatory compliance issues throughout the digital token community. For example, we believe that the fact that the SEC’s move against Coburn and EtherDelta drove down volume across other DExes is probably a direct indication of market concern that more regulatory action is on the way.
Moreover, beyond the recent SEC activities in the United States, we anticipate more action will be taken in various jurisdictions around the world, including Hong Kong, as the boundaries of regulatory jurisdiction are tested by new technologies.
3. Cooperate with regulators.
Regardless of your jurisdiction, should you or a project you are involved with become the subject of a regulatory inquiry from a competent authority, by all means cooperate!
The SEC stated in the EtherDelta Order that its decision to accept Coburn’s offer, and not to impose a greater penalty, was influenced by Coburn’s cooperation in the SEC investigation and prompt remedial actions.
If he had not fully cooperated, the civil penalty could have been far greater. Should a regulator ever come knocking, it’s important to cooperate fully, with appropriate professional advice. In our experience, competent regulators in the jurisdictions in which we practise take a more lenient approach toward cooperative respondents.
Your first steps can be the defining ones: read more about this in our “Bank shutdown” alert.
Disclaimer: The information in this article is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. No information contained in this article should be construed as legal advice from KWM or the individual authors, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this article should act or refrain from acting on the basis of any information included in this article without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.