Tools
Fintech Law Assistant
Services
Private FundsRegistered FundsSEC ComplianceStartupsRIAsDigital Assets & DEFIIntellectual Property RightsData & Privacy ComplianceRegTechBlockchain AdvisoryM&A AdvisoryAML ComplianceCFTC Compliance
Resources
BlogNewsletter
About
Meet The TeamOur Partnerships
Contact

Decentralization Won't Protect You: Why DeFi and Digital Asset Startups Can't Ignore Legal Responsibilities

˿All Blog Posts
Decentralization Won't Protect You: Why DeFi and Digital Asset Startups Can't Ignore Legal Responsibilities
October 31st, 2024

For many founders in the decentralized finance (DeFi) and blockchain sectors, decentralization is viewed as an escape route from regulatory oversight. Yet, as cases like Rari Capital's and Nader Al-Naji's enforcement actions. demonstrate, the mere appearance of decentralization doesn't exempt crypto firms from legal accountability. Regulatory bodies, like the SEC, are looking beyond labels and scrutinizing these projects' economic reality and control structures. In the case of Rari Capital, attempts to market a decentralized protocol didn't prevent the SEC from classifying their platform's governance and assets as unregistered securities, especially when core decision-making remained centralized within a small leadership team. Similarly, with Nader Al-Naji'sBitClout , even adopting a pseudonym and claiming decentralization couldn't shield against charges when significant control and misrepresentation of assets were found.

These examples underscore a hard truth: decentralization does not equate to legal immunity. Regardless of the technology behind a project, crypto firms must align business practices with regulatory standards, particularly in disclosing truthful information to investors and ensuring compliance with securities laws. The message for DeFi and Web3 entrepreneurs is clear—regulators are closely watching, and compliance is non-negotiable.

Decentralization Doesn't Equal Immunity

One of the foundational ideals behind Web 3.0 and DeFi is decentralization. Projects like Rari Capital claimed that by using blockchain technology, smart contracts, and decentralized governance tokens, they were immune from the kind of regulatory oversight that applies to centralized financial institutions. However, the SEC's actions show that this is far from true.

The Rari Capital case highlights how claiming decentralization does not free you from legal obligations. Rari Capital operated Fuse, a platform for lending and borrowing crypto assets via smart contracts, without registering these offerings with the SEC. Despite Rari's efforts to present itself as a decentralized protocol, the SEC viewed the interests in Fuse pools (represented by 'fTokens ') as unregistered securities. The SEC also found that Rari Capital's leadership had direct control over the smart contracts, governance, and even the operational decisions regarding the pools, contradicting the notion of decentralization. (Does this sound familiar to anyone? We've all seen blockchain or decentralized companies claim decentralization when, in reality, a few founders control most of the operations.)

Business Practices Must Match Disclosures

The problem goes beyond decentralization. A recurring issue in many enforcement actions—including those against TrueCoin/TrustToken and Rari Capital—is the discrepancy between what a project discloses to investors and how it actually operates. Both firms marketed their products as transparent, decentralized, and secure, but their practices didn't align with these claims.

In Rari Capital's case, they advertised their 'Yield Aggregator' as an autonomous, automatic rebalancing system that optimized returns for investors. However, this system frequently failed in practice, and the team had to intervene to execute the rebalancing process manually. This misrepresentation was not just a technological shortfall—it was a significant breach of trust that directly impacted investors' decisions.

Similarly, in the TrueCoin case, the company misled investors by falsely claiming its stablecoin was backed 1:1 by U.S. dollars. Large portions of the reserves were invested in a highly risky, illiquid offshore commodity fund. This failure to accurately disclose their investment strategy's risks and true nature landed them in hot water with the SEC.

The Howey Test and Crypto: Ignoring the Risks

Many crypto founders still believe that if they structure their tokens or protocols in a certain way, they can avoid the Howey Test—the standard the SEC uses to determine whether an asset is a security. But simply avoiding calling something a security doesn't make it so. The Howey Test focuses on the economic reality of the offering, not how it's labeled.

In the Rari Capital case, both the governance token (RGT) and the interests in the Fuse pools (fTokens) were classified as securities under the Howey Test. Investors expected profits from the efforts of Rari Capital's team to manage and expand the protocol, and the economic fortunes of investors were tied to the platform's success. This is a clear example of how Web 3.0 startups can unintentionally create securities, even if they believe they operate a decentralized platform.

Founders who ignore the SEC's position on the Howey Test risk severe penalties. The Rari Capital team not only failed to register their offerings but also acted as unregistered brokers by facilitating transactions on their platform involving securities. This led to many violations, including unregistered securities offerings and broker-dealer requirements.

Key Lessons for Web 3.0 and DeFi Founders

1. Decentralization Won't Shield You.

No matter how decentralized your project is, if you or your team retain control over smart contracts, governance decisions, or user assets, your project will likely fall under regulatory scrutiny. The SEC is looking beyond labels and focusing on the economic substance of how these platforms operate.

2. Disclose Honestly and Accurately

Whatever you tell investors—whether about how your technology works, the risks involved, or how their investments are backed—must be truthful and match your actual practices. Misleading disclosures will not only damage your reputation but also attract enforcement actions.

3. Don't Ignore the Howey Test

Whether or not you agree with the SEC's interpretation of the Howey Test, the reality is that the SEC is using it to classify crypto assets as securities. Ignoring this fact is extremely risky. Consult legal experts to assess whether your project may qualify as a security and ensure you're complying with U.S. securities laws.

4. Register, Register, Register

If your token or crypto asset qualifies as a security, it's essential to register your offerings with the SEC or seek an exemption. Unregistered offerings lead to severe financial and legal penalties, as seen in numerous cases across the crypto industry.

Conclusion: Compliance is Non-Negotiable

For Web 3.0 and DeFi startups, legal compliance is not optional. Whether it's following through on your disclosures or registering your offerings, the risks of ignoring securities laws are too high. The SEC's aggressive stance against crypto and digital assets is clear: decentralization does not exempt you from regulatory compliance.

By integrating transparency, honesty, and regulatory awareness into your project, you can avoid the costly mistakes that have tripped up companies like Rari Capital and TrueCoin. Consulting with legal professionals who understand blockchain technology and securities regulations is critical for long-term success.

For founders navigating these challenges, being proactive and staying compliant is the best way to build a sustainable, legally sound platform.

Share This Blog Post