SEC v. EtherDelta {Big Picture}

Crypto for Regulators (CfR), Part 3 — Individual Liability

The latest crypto-regulatory story concerns charges brought against Zachary Coburn, founder of the unlicensed decentralized EtherDelta token exchange. (The title of this piece is SEC v. EtherDelta so as to capture the real stakes in this matter, but the actual enforcement action was against the creator of EtherDelta — Zachary Coburn.)

Over at Forbes, Michael del Castillo wrote an excellent piece on this. We recommend you check it out first for context.

The most notable part of Castillo’s reporting is this exclusive scoop:

SEC’s newly created cyber unit, Robert Cohn [sic, Robert Cohen], exclusively told Forbes that using any blockchain to create an exchange without central operations doesn’t remove the original creator’s responsibility.

Regulate the Chainsmith; Not the Chain

From the SEC’s perspective, going after individuals is a no-brainer. Exerting enforcement authority over individuals who create security token exchanges without registering with the SEC (or qualifying for an exemption) is a very effective way of policing.

Corporations can only act through individuals. Individuals are the ones who set and implement corporate policy and reap the gains. Hence, individuals offer easy enforcement targets.

Here’s the carefully worded SEC press release announcing that it settled charged with Zachary Coburn.

Over an 18-month period, EtherDelta’s users executed more than 3.6 million orders for ERC20 tokens, including tokens that are securities under the federal securities laws.

What’s the penalty for this? In the words of the SEC, again:

Without admitting or denying the findings, Coburn consented to the order and agreed to pay $300,000 in disgorgement plus $13,000 in prejudgment interest and a $75,000 penalty.

The penalty and disgorgement amounts seem extremely low. This suggests the monetary awards are meant to send a message regarding enforce-ability, as opposed to penalizing experimentation.

Why Is SEC Targeting CryptoCats?

Traditionally, the SEC would go after both the exchange and any individuals operating an unregistered exchange. In this case, the SEC pursued an investigation and prosecution of an individual to protect investors trading on an exchange. Among other frameworks, we can analyze this decision to go after individuals on (1) prudential, (2) technical, (3) liability limitation; (4) precedent grounds.

1. Prudential Considerations

Putting aside the substance/merits of the dispute, the big picture takeaway from this enforcement action is that enforcement against individuals is in many ways more advantageous than enforcement actions against corporate forms. Here’s why:

Corporations can engage in jurisdiction shopping and asset shifting. They can remain immune to U.S. enforcement reach indefinitely. Individuals will want to go back to the United States. When they do, a judicial judgment or administrative sanction against an individual can serve as an extremely effective lever of influence over the corporate form.

The best way to illustrate the lever of influence that the U.S. government has over individuals is to recall the plot line of the 2010 blockbuster, Inception. The central premise of the film is a hacker who gets in trouble with the federales, leaving him permanently exiled abroad. His kids are in the U.S. So Leonardo di Caprio will do everything possible — including the most dangerous hack ever attempted — to get back across the border.

2. Technical Considerations

A decentralized exchange (“DEX”) running on, say, the Ethereum network is, technically speaking, just code that’s running on nodes all over the Ethereum network. In these cases, going after the “exchange” itself is difficult because the exchange, by design, is distributed. Risk is diffused. Points of failure are minimized.

Trying to bring that type of exchange under the SEC’s regulatory control is difficult from an en-force-ment perspective. No regulatory agency has the resources to go after that type of Medusa-like entity.

So, going after the creator and operator of the exchange offers the next best thing. It may be far easier to identify individuals who are crossing into the U.S. than it is to apply law in extraterritorial ways against foreign defendants or investigative targets.

3. Liability Limitation Considerations

In many ways, applying en-force-ment levers directly on an individual behind an exchange is an even far more effective enforcement tactic than just going after a corporate entity.

In reputational and material liberty terms, individuals have much higher incentives to settle disputes and conform to regulatory expectations than disembodied corporate forms:

You can’t imprison a corporation; but you can imprison a CEO. So the threat of individual criminal or prolonged civil/administrative enforcement is a very strong compliance stick.

The corporate form would give the owners common law and statutory protection from liability. With personal liability, by contrast, there’s not even a veil of protection.

4. Precedent

Going after individuals is consistent with other multi-agency enforcement actions, such as the prosecution of Dread Pirate Roberts (aka Ross Ulbricht) for operation of the Silk Road marketplace.

Continued investigation, prosecution, and administrative oversight over individual creators, owners, and operators of blockchain networks allows the SEC and other U.S. federal agencies to maintain and expand enforcement precedent.

What’s Next?

A number of observers predict that future DEX operators will now be incentivized to launch their decentralized exchanges anonymously. Other developers note that this is par for the course for the SEC, and that more engagement with regulators is necessary not less.

We believe crypto’s postures of Crypto v. Law and Crypto v. SEC are not helpful. In our view, a better approach is to engage with regulators to explain how they can exercise strong independent oversight, while still permitting maximum innovation in the blockchain space.

You can learn more in our Crypto for Regulators series.