DeFi protocols that stay centralized rather than embracing fully distributed DAO governance — which typically means issuing a governance token — face a number of challenging issues.
For starters, the developers could be held liable in the event of an exploit. If a hacker is able to find a way in and steal user funds, for instance, users could legally claim that the developer, as a general partner, is personally liable. Second, many DAO users prefer a decentralized alternative that requires little trust between the involved parties over a protocol in which a single party or group maintains control, which means they will leave for competing decentralized services.
The reality is that DeFi projects that fail to achieve decentralization are unlikely to succeed in the long run. And as the SEC and other regulators raise their eyebrows at this growing sector, the main question on everyone’s mind is how to achieve decentralization without running afoul of existing regulations. It's a significant industry challenge without an obvious solution.
We at Shipyard have come up with a handful of guideposts:
- Know who the regulators are and why they exist. Despite some crypto projects’ aversion to regulation, most regulators are well-intentioned, and if the letter of the law is contradictory then it’s important to work within the spirit of the law. To do so, read the mission statements of regulators like the SEC and FinCEN that may have jurisdiction over your project. These mandates offer useful guidance on how to proceed.
- Have good intentions. Be as honest and transparent as possible, set reasonable expectations, and prevent bad actors and unlawful transactions. For example, Clipper DEX contains an on-chain blacklist of OFAC-designated wallet addresses that cannot transact on the exchange. There are a variety of ways to prevent illicit transactions, and it’s important that DeFi developers prioritize this.
- Learn what your potential liability looks like. Unincorporated DAOs may be treated by U.S. law as member-managed unincorporated partnerships, which do not provide limited liability. That means if you're a multisig holder for a DAO you may be personally liable for its actions, even if the DAO has a governance token and thousands of other members. As such, it may be wise to incorporate your DAO, though laws are just starting to accommodate the unique characteristics of blockchain-based organizations. And if you think you might get sued, that seems a pretty strong indicator that you should consider an alternative path altogether.
- Focus your token on your users. US securities regulations are based on the Howey test, which comes down to whether token holders expect profits derived from the efforts of others. Since expectations matter, it's better to avoid the notion of investors altogether. Of course, investors will disagree, as will many lawyers, but remember they have a vested interest in their advice: investors want to buy tokens to flip them, and lawyers get paid handsomely for structuring token deals.
Rather than doling out cryptocurrencies to investors, most DeFi projects are better off putting governance tokens in the hands of actual users. This requires designing your token, communicating its use, and distributing it in a way that avoids any semblance of an “investor”. In other words, focus on your token’s usage benefits and governance features, not its inherent value or investment potential, and attract as many users as possible before releasing a token to maximize real-world usage at your issuance.
- Avoid icebergs that could sink your ship. There is a lot of groupthink within the crypto space, which provides an excuse for professionals to take advantage of regulatory ambiguities and advance unproven theories. For example, during the 2017 ICO boom, top law firms advised clients that as long as a token had an anticipated utility in a product, it would not qualify as a security (hence the term “utility token”). But a couple of years later, the SEC issued guidance clearly contradicting this. In retrospect, this was an obvious outcome: anticipated utility isn’t actual utility. Good leaders should always be on the lookout for possible icebergs resulting from groupthink.
- Exclude jurisdictions in which you can’t comply. Regulations typically apply based on where your users are, not where you are. If you are launching a decentralized financial service, it may be best to exclude the U.S. and focus on growing your overseas user base. Once you have achieved genuine decentralization there, it’s up to them what to do next.
As with Darwinian natural selection, DeFi protocols that don’t decentralize are at a competitive disadvantage and tend to die off. But DAOs must also adhere to existing regulations, vague as they may be, or risk getting snuffed out prematurely.
If you ship your product roadmap as soon as possible without violating the above principles, you’ll likely have a plan that is legally compliant while fostering a community that has taken the project’s values to heart. This is crucial, given that once your DeFi project is decentralized it is out of your control and in the hands of the community. The key to long-term success is a strong foundation.