Sidley Blockchain Bulletin – October 2024

1. NFTs Face Increasing Regulatory Scrutiny
2. DeFi Platform Settles CFTC Charges for Registration Violations
3. SEC Accountant Remarks on Exceptions to SAB 121
4. Why U.S. and Other Non-EU Firms Need to Be Ready for MiCAR
5. Sidley Partner Lilya Tessler to Speak at Avalanche Summit

1. NFTs Face Increasing Regulatory Scrutiny

On September 16, 2024, the SEC announced its third settlement with a company selling NFTs, alleging that the company conducted “an unregistered offering of crypto asset securities.”¹ The cease-and-desist order states that the company, Flyfish Club, LLC (Flyfish), offered and sold two types of NFTs as investment contracts to finance the construction and operation of a members-only club, restaurant, and bar. According to the order, purchases of the NFTs constituted investments in the club, with purchasers expecting to profit based on the industry expertise of Flyfish’s principals.

The order highlighted Flyfish’s statements that tied the NFTs’ value to the success of the restaurant and touted purchasers’ ability to profit, either by reselling the NFTs or leasing them to generate “passive income.” In addition to 13 examples pulled from Flyfish’s marketing communications and promotional materials, the SEC also cited specific statements made by purchasers (or potential purchasers) as evidence that such persons were motivated by the opportunity to profit rather than to make use of their membership. The fact that the NFTs can, in fact, be used to make dining reservations and were the exclusive means to access the club did not appear to meaningfully factor into the SEC’s analysis.

Republican Commissioners Hester M. Peirce and Mark T. Uyeda issued a dissenting statement,² criticizing the case as one in “an endless series of misguided and overreaching cases” from the “crypto-obsessed Commission.” The dissenting Commissioners assert that “the intent of a buyer cannot transform a non-security into a security” and call the Howey test “inapt” because the purchasers’ expectations, in their estimation, were to enjoy culinary experiences and exclusive membership benefits — notwithstanding that some (or even many) purchasers may have purchased the NFTs with speculative intent.

In addition to paying a monetary penalty, Flyfish agreed to destroy all Flyfish NFTs in its possession and remove all links to cryptoasset trading platforms from the Flyfish website and social media channels. Holders of NFTs may continue to use them for access to the restaurant, which is now open (or sell them, if they so choose).³

Allegations by private litigants that NFTs are securities have also survived motions to dismiss in federal district court, although the limited case law on this subject remains fact-specific.⁴ Following these enforcement actions and lawsuits, congressional leaders have introduced legislation addressing the legal and regulatory treatment of NFTs, aiming to ensure that consumptive-use NFTs and their evolving use cases are designated as consumer goods, not financial products.⁵

2. DeFi Platform Settles CFTC Charges for Registration Violations

The CFTC continues its enforcement focus in the DeFi space, having filed and settled charges on September 4, 2024, against Uniswap Labs (Uniswap) — the developer of a well-known DeFi trading protocol — for illegally offering leveraged or margined retail commodity transactions in violation of Section 4(a) of the Commodity Exchange Act (CEA) (see CFTC order here).⁶ The settlement requires Uniswap to pay a relatively small civil monetary penalty of $175,000, reflecting Uniswap’s substantial cooperation and remediation efforts, and to cease and desist from violating the CEA, as charged. The action follows similar cases brought by the CFTC in 2023 against DeFi protocol operators Opyn, Inc., ZeroEx, Inc., and Deridex, Inc. (the 2023 DeFi Sweep).

The CFTC’s enforcement action focuses on Uniswap’s blockchain-based digital asset trading protocol (Protocol) and the associated front-end web interface operated by Uniswap that makes the Protocol available to users (Interface), noting that Uniswap “was a major contributor to the development of the Protocol and during the relevant period deployed versions of the Protocol to the Ethereum blockchain” and that it “also created and maintained the Interface that facilitated access to the Protocol.”

The order finds that from at least March 2021 to approximately September 2023, Uniswap, through the Protocol and Interface, “facilitated” the offer to retail users (i.e., non-eligible contract participants (or ECPs)) of tokens — developed and issued by third parties unaffiliated with Uniswap — that provided users leveraged exposure to digital assets such as ether (ETH) and bitcoin (BTC). The order notes that the purchases and sales of the leveraged tokens contained no restrictions that would result in, and generally did not result in, actual delivery of the underlying commodities (i.e., ETH and BTC) within 28 days and therefore did not come within the exception available under the CEA’s retail commodity provisions (see CEA Section 2(c)(2)(D)(ii)(III)(aa), which provides an exception for contracts of sale that result in actual delivery within 28 days, and the CFTC’s associated interpretive guidance regarding retail commodity transactions involving certain digital assets). As a result, the order finds that leveraged tokens were subject to Section 4(a) of the CEA as if they were futures contracts and therefore were required to be executed on a CFTC-regulated designated contract market — which they were not.

Commissioners Summer Mersinger and Caroline Pham both dissented from the CFTC’s order (see here and here), expressing, among other things, concerns over the CFTC’s use of its enforcement authorities instead of providing clarity through notice-and-comment rulemaking. Notably, Commissioner Mersinger noted in her dissent that “Uniswap did not act as a liquidity provider, extend credit, actively trade leveraged tokens, or collect trading fees on transactions in the leveraged tokens at issue” and expressed concerns that the CFTC, through the settlement, “appears to be taking the position that any DeFi platform could be liable for any and all conduct occurring on its protocol.” Commissioner Mersinger also raised concerns that the settlement “creates a distorted precedent” because it penalized proactive efforts to comply with the law, highlighting the fact that Uniswap blocked the particular tokens at issue after the CFTC’s settlements in the 2023 DeFi Sweep.

In April 2024, Uniswap Labs received a Wells notice from the SEC for alleged violations of securities laws involving the Protocol. Unlike in this case, Uniswap publicly announced its willingness to litigate the SEC matter in court.

3. SEC Chief Accountant's Remarks on Applicability of SAB 121

SAB 121, among other things, directs covered entities that are responsible for safeguarding users’ cryptoassets to comply with the public disclosure requirements and additional financial statement accounting requirements to reflect risks and liabilities associated with this obligation (in contrast to how custodial obligations are typically presented).⁷ On September 9, SEC Chief Accountant Paul Munter delivered public remarks discussing situations when SAB 121 does not apply. Munter gave three examples based on real inquiries SEC staff have received from certain covered entities and stated that the staff have not objected to such entities’ conclusion, based on its particular facts and circumstances, that their arrangement was not in scope of SAB 121:

• A regulated bank that safeguarded cryptoassets for institutional customers only. The bank implemented stringent legal and operational controls to ensure that the assets were “bankruptcy-remote” (i.e., they would not be property of the bank’s estate and available for distribution to the bank’s creditors in the event of insolvency). These controls included maintaining separate accounts and segregated blockchain wallets for each customer and adhering to strict compliance protocols, including continuous oversight by the bank’s prudential regulators. The bank obtained a legal opinion from outside counsel supporting its conclusion that the assets were bankruptcy remote.
• An introducing broker-dealer (IBD), where a third-party provided cryptoasset trade execution and custody services for the IBD’s customers. Among other things, the third party was the agent of the IBD’s customer (not the IBD), and the IBD had no control over or rights to the assets. As with the bank, the IBD obtained a legal opinion assessing this arrangement that supported the assertion that customers’ assets would not be part of the IBD’s estate in the event of an insolvency, among other things.
• Entities that used distributed ledger technology to facilitate transactions in traditional financial assets, such as by “tokenizing” bonds. In these instances, the blockchain systems enabled the entities to correct errors, if needed, and allowed for the ability to attribute legal ownership of the underlying traditional assets to specific customers (such as through interoperability of the distributed ledger with traditional recordkeeping systems).

Takeaway: Adhering to SAB 121 may be prohibitively expensive for some businesses. Entities subject to SEC supervision that hold cryptoassets on behalf of customers or are contemplating doing so should carefully review Munter’s remarks. As Munter notes, the conclusions described in the remarks will not necessarily be the same for different fact patterns. It is therefore crucial to consult with an adviser with respect to these issues, as this guidance can significantly affect financial reporting and compliance obligations. Proper evaluation and consultation, which may in some cases include discussions with SEC staff, can help ensure that entities are adhering to the appropriate accounting standards and mitigating potential risks.

4. Why U.S. and Other Non-EU Firms Need to Be Ready for MiCAR

MiCAR is an EU regulation that imposes broad-reaching licensing and other ongoing requirements across a range of cryptoasset services and activities. It will apply generally from December 30, 2024. For readers whose first thought is “but we don’t have a business in the EU,” please read on.

Why do non-EU firms need to prepare for MiCAR?
Non-EU firms may fall within scope of MiCAR where they have clients, investors, agents, subsidiaries, or operations in the EU. Even a firm with no physical presence in the EU can fall within scope of MiCAR if it solicits customers or investors located in the EU or promotes or advertises its cryptoasset services or activities in the EU. Regulatory authorities are likely to interpret potential exclusions (including “reverse solicitation”) narrowly.

What kinds of cryptoassets and services are in scope of MiCAR?
MiCAR covers a broad range of cryptoassets and activities. MiCAR excludes certain NFTs and most cryptoassets that are currently regulated under other EU legislation, such as those that qualify as financial instruments (e.g., transferable securities, certain derivatives, and interests in certain investment funds). However, most other categories of cryptoassets generally fall within scope of MiCAR, and the scope of application differs from regulatory regimes in the U.S. and other jurisdictions.

MiCAR requires providers of a broad range of cryptoasset services to obtain prior regulatory authorization (EU-regulatory-speak for licensing) and to comply with various ongoing regulatory obligations, including financial crime requirements. Notably, certain regulated cryptoasset services are defined under MiCAR more broadly than may be expected.

For a more fulsome discussion of the types of cryptoassets and activities within scope of MiCAR, see our Sidley Update here.

What should firms do to prepare for MiCAR?
A first step is to conduct a scoping analysis to consider which, if any, of the firm’s current or planned activities or services could fall within scope of MiCAR and whether the firm is able to benefit from any exclusions or exemptions. Although firms familiar with the EU regulatory regime for financial instruments may recognize some of the concepts covered by MiCAR, the scope under MiCAR differs in material respects, and a specific analysis of its application is needed.

Firms that provide regulated cryptoasset services in the EU will generally be required to establish an EU subsidiary and obtain prior authorization from the relevant regulator in an EU member state. Regulators will generally expect firms to have in place the requisite policies, procedures, and resources to comply with ongoing regulatory requirements before granting authorization.

Firms that offer in-scope cryptoassets to the public in the EU or on an EU trading venue, and issuers of certain categories of stablecoins, will need to consider the application of the relevant investor protection rules under MiCAR, including whether prescribed disclosures and regulatory authorization are required.

Even businesses that are able and willing to structure their service offerings to fall outside the scope of MiCAR may need to develop and maintain policies and procedures to ensure they continue to fall out of scope and do not inadvertently trigger regulatory requirements in the EU.

5. Sidley Partner Lilya Tessler to Speak at Avalanche Summit, October 16-18, 2024, Buenos Aires, Argentina

Sidley partner Lilya Tessler will be speaking at next week’s Avalanche Summit, on the “Policy9000: Navigating Global Regulatory Shifts” panel. The panel will seek to demystify the complexity of global regulation and include a discussion of the impending Markets in Crypto-Assets (MiCA/MiCAR) regime, understand existing challenges to Web3, and define a path for navigating a global regulatory shift as the world adapts to a tokenized future. Other speakers will include distinguished industry figures including Lee Schneider of Ava Labs and Marina Markezic of the European Crypto Initiative. The panel is Wednesday, October 16, 11:30 a.m. – noon GMT –03 (10:30 a.m. – 11 a.m. EDT) at the Sol De Mayo Stage. Sidley has a number of complimentary tickets we can offer our clients; please contact pdaniels@sidley.com if you would like tickets.

¹ In the Matter of Flyfish Club, LLC, Securities Act of 1933 Release No. 33-11305 (Sept. 16, 2024) [https://www.sec.gov/files/litigation/admin/2024/33-11305.pdf]. See also Stoner Cats and Impact Theory. A major NFT trading platform also recently disclosed that it received a Wells notice from the SEC. OpenSea Blog, Taking a stand for a better internet, OpenSea (Aug. 28, 2024). Available at https://opensea.io/blog/articles/taking-a-stand-for-a-better-internet.
² Commissioner Hester M. Peirce, Commissioner Mark T. Uyeda, Sept. 16, 2024, Omakase: Statement on In the Matter of Flyfish Club, LLC
[https://www.sec.gov/newsroom/speeches-statements/peirce-uyeda-statement-flyfish-091624].
³ According to the Flyfish website, “The settlement agreement does not prohibit members from taking any actions with their previously purchased Membership NFTs. Meaning, everything stays the same and the original Terms of Use for Membership NFTs remain in place. Flyfish will not accept any royalties for any future sales going forward.” https://www.flyfishclub.com/sec-settlement (last accessed Sept. 26, 2024).
⁴ In one such case, defendants settled claims that they sold NFTs as unregistered investment contract securities, undertaking to decentralize the blockchain network the NFTs are traded on as part of the settlement agreement. Friel v. Dapper Labs Inc. et al., 1:21-cv-05837 (SDNY, Jul. 7, 2021). More recently, a second case alleging that NFTs were sold as unregistered investment contracts survived a motion to dismiss. Dufoe v. DraftKings Inc. et al., 23-cv-10524 (D. Mass. Mar. 9, 2023).
⁵ New Frontiers in Technology Act (NFT Act) [https://docs.house.gov/meetings/BA/BA21/20240918/117661/BILLS-118pih-conductastudyonNFTswhichwillincludeananalysisofthesizescoperolenatureanduseofNFTsthesimilaritiesanddifferencesbetween.pdf].
⁶ Multiple regulators are focused on DeFi. The SEC recently announced settled charges against three entities related to the DeFi trading platform Mango Markets for the sale of unregistered securities and engaging in unregistered broker activity.
⁷ SAB 121 has been controversial since it was issued on March 31, 2022. A measure to nullify SAB 121 passed both chambers of Congress earlier this year only to be vetoed by the President on May 31, 2024.

Sidley Associate Eugene Gonzalez and Knowledge Management Lawyer Daniel Engoren contributed to this Sidley Update.