<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[Web3 vs. the Law ]]></title><description><![CDATA[Web3 Legal, Regulatory, and Compliance Updates and Analysis]]></description><link>https://davidlopezkurtz.substack.com</link><image><url>https://substackcdn.com/image/fetch/$s_!wmoa!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F755613e9-b738-4314-9eee-9c1793922eba_512x512.png</url><title>Web3 vs. the Law </title><link>https://davidlopezkurtz.substack.com</link></image><generator>Substack</generator><lastBuildDate>Tue, 07 Jul 2026 18:40:57 GMT</lastBuildDate><atom:link href="https://davidlopezkurtz.substack.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[David Lopez-Kurtz]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[davidlopezkurtz@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[davidlopezkurtz@substack.com]]></itunes:email><itunes:name><![CDATA[David Lopez-Kurtz]]></itunes:name></itunes:owner><itunes:author><![CDATA[David Lopez-Kurtz]]></itunes:author><googleplay:owner><![CDATA[davidlopezkurtz@substack.com]]></googleplay:owner><googleplay:email><![CDATA[davidlopezkurtz@substack.com]]></googleplay:email><googleplay:author><![CDATA[David Lopez-Kurtz]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[What CLARITY Doesn't Do]]></title><description><![CDATA[Unresolved Tax, ERISA, and CFTC-Jurisdictional Questions]]></description><link>https://davidlopezkurtz.substack.com/p/what-clarity-doesnt-do</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/what-clarity-doesnt-do</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Mon, 06 Jul 2026 16:02:17 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!WCb_!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>The thirteen posts that precede this one in the series have walked through what CLARITY does. It establishes the trichotomy of network token, ancillary asset, and digital commodity. It builds a &#167;4B disclosure-only regime around the ancillary-asset class. It codifies the &#167;104 coordinated-control test and the &#167;2(5) DGS doctrine. It draws the &#167;301 line for DeFi trading protocols. It immunizes software development and self-custody through &#167;&#167; 601, 604, and 605. It accommodates staking and airdrops through &#167;4B(a)(5). It authorizes bank participation in digital-asset markets through &#167;401. It extends customer-property protection to digital-asset intermediary bankruptcies through &#167;701. It addresses stablecoin yield through &#167;404. It draws the NFT line through &#167;602. It establishes tokenization parity through &#167;505. It addresses self-hosted wallets through &#167;307 and temporary holds through &#167;305.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!WCb_!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!WCb_!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png 424w, https://substackcdn.com/image/fetch/$s_!WCb_!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png 848w, https://substackcdn.com/image/fetch/$s_!WCb_!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png 1272w, https://substackcdn.com/image/fetch/$s_!WCb_!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!WCb_!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png" width="1404" height="1041" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1041,&quot;width&quot;:1404,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2432590,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201516905?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!WCb_!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png 424w, https://substackcdn.com/image/fetch/$s_!WCb_!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png 848w, https://substackcdn.com/image/fetch/$s_!WCb_!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png 1272w, https://substackcdn.com/image/fetch/$s_!WCb_!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F386a0922-6f4a-4b0f-ab6b-3449d5cab495_1404x1041.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>The bill is, in the aggregate, the most substantial digital-asset legislation in U.S. history. It is also conspicuously silent on a long list of questions practitioners will continue to encounter. This capstone post walks through the principal gaps. The structural shape is what the bill leaves unresolved (tax, ERISA, state law, cross-border, residual CFTC jurisdiction) and what watching the post-enactment rulemaking and legislative cycles is going to require.</p><p>The architectural point is that CLARITY is a securities-and-CFTC-jurisdiction bill with banking and bankruptcy adjuncts. It is not a tax bill. It is not an ERISA reform. It is not a uniform-commercial-code amendment. It is not a comprehensive cross-border regulatory framework. Each of those is a separate downstream fight. Some are sequenced for legislative action (the Lummis-Gillibrand RFIA framework remains the natural companion legislation for the tax provisions). Others are sequenced for agency rulemaking (Treasury and IRS will continue to develop interpretive positions on &#167;6045 reporting, the &#167;1058 securities-lending parallel for LSTs, and the &#167;475 mark-to-market election). Others are sequenced for state-law adoption (UCC Article 12 status varies by state, and the &#167;505(b) sense-of-Congress endorsement does not move the needle on actual state-by-state adoption).</p><h4>Tax: the Central Gap</h4><p>The most consequential silence in CLARITY is on federal tax treatment. Three principal questions remain unresolved.</p><p>&#167;1001 realization treatment of token transactions. The IRS position under Notice 2014-21 is that virtual currency is property and that exchanges of one virtual currency for another are taxable events. Rev. Rul. 2023-14, 2023-33 I.R.B. 484, applied dominion-and-control analysis to staking rewards, treating them as taxable income upon receipt at fair market value. Notice 2023-34 followed, addressing certain related questions. The remaining open issues are substantial: token wrapping (wrapping ETH into wETH), bridging across chains (bridging USDC from Ethereum to Solana), rebasing (positive and negative rebases on rebase tokens like AMPL), and chain reorganizations (when a transaction is reorganized off the canonical chain). The &#167;1001 analysis on each of these mechanisms turns on whether the transaction constitutes an exchange of one property for materially different property under <em>Cottage Savings Ass&#8217;n v. Commissioner</em>, 499 U.S. 554 (1991). The IRS has not addressed most of these issues with formal guidance, and CLARITY does not direct it to. The joint SEC-CFTC interpretation effective March 23, 2026, Release Nos. 33-11412 and 34-105020, addresses wrapping at the securities-law level (a Redeemable Wrapped Token that is a receipt for a non-security crypto asset not subject to an investment contract is itself not a security and not an investment-contract subject) but expressly disclaims any effect on the federal tax laws, stating that the interpretation &#8220;concerns the Federal securities laws... [n]o interference is intended with respect to any other legal regime, including the Federal tax laws under the Internal Revenue Code.&#8221; The release&#8217;s characterization of wrapped tokens as receipts rather than separate property may, however, provide interpretive support for an IRS position that wrapping is not a &#167;1001 realization event. That argument is for taxpayers to make and the IRS to address; the structural gap remains. Token transactions that look operationally identical from the user&#8217;s perspective (a wrap, a bridge, a rebase) may have radically different tax consequences depending on the IRS&#8217;s eventual interpretive position.</p><p>&#167;1058 securities-lending parallel for liquid staking. Section 1058 of the Internal Revenue Code permits non-recognition treatment for securities lending arrangements that satisfy specified conditions (cash collateral, lender retains rights to substantially identical securities, no reduction in lender&#8217;s risk of loss or opportunity for gain, voting rights treatment, and similar). The structural analog for liquid staking is whether the deposit of ETH with Lido or Rocket Pool, and the receipt of stETH or rETH in return, is a &#167;1001 exchange (taxable) or a non-recognition event (deferred). The &#167;1058 framework was drafted for securities lending and does not extend to digital commodities. The IRS has not addressed the question directly, and CLARITY does not address it. The result is that liquid-staking transactions sit in tax uncertainty, with the most defensible position being that the LST deposit is a &#167;1001 exchange but the resulting tax liability is small because the LST and the underlying ETH have approximately the same fair market value. The harder question is what happens on redemption (when the holder exchanges the LST for the underlying ETH and accrued rewards). The Lummis-Gillibrand RFIA contains &#167;1058 parallel provisions for digital commodities; CLARITY does not.</p><p>&#167;475 mark-to-market election for digital commodities. Section 475 of the Internal Revenue Code permits dealers in securities and dealers in commodities to elect mark-to-market treatment, with ordinary income or loss recognition on year-end fair market value changes. The dealer-versus-trader distinction governs eligibility. Whether a digital-asset trading firm can elect &#167;475 treatment for its digital-commodity inventory turns on whether digital commodities are &#8220;commodities&#8221; within the meaning of &#167;475(e). The structural answer is probably yes, given that CLARITY classifies digital commodities under CFTC jurisdiction and that the &#167;475 commodity dealer election has historically applied to commodities under &#167;1256 (with some statutory qualification). But the IRS has not addressed the question, and CLARITY does not direct it to. The defensible posture for digital-asset trading firms is to make the &#167;475 election where possible and defend it on the basis that digital commodities are commodities for &#167;475 purposes.</p><p>The tax silence is deliberate, not accidental. The drafters of CLARITY made a structural choice to leave tax treatment to the Senate Finance Committee and the House Ways and Means Committee, with the expectation that tax legislation would follow on a separate timeline. The Lummis-Gillibrand RFIA framework is the natural companion. Whether that framework moves forward in the next legislative cycle is a contested question. The structural reality is that tax treatment of digital-asset transactions remains substantially unresolved through 2026 and beyond.</p><h4>ERISA Fiduciary Status</h4><p>Department of Labor Compliance Assistance Release 2022-01, issued in March 2022, warned 401(k) plan fiduciaries to exercise &#8220;extreme care&#8221; before adding cryptocurrency to plan investment menus. The Release was withdrawn under the Trump administration in 2025 and is no longer operative guidance, but the substantive ERISA fiduciary question remains. A plan fiduciary who includes Bitcoin or Ethereum as a participant-directed investment option must satisfy the &#167;404(a) duties of loyalty and prudence, which include the duty to monitor investment options and remove imprudent ones. The application of those duties to digital-asset investments is the substantive question.</p><p>CLARITY does not address ERISA fiduciary duties directly. The &#167;401 bank-permitted-activity framework includes custodial-and-fiduciary services for digital assets (&#167;401(g)(1)), which authorizes banks to act as fiduciaries with respect to digital assets. The structural effect is that a bank can serve as an ERISA fiduciary for a digital-asset investment option without facing a categorical ERISA-statutory bar. But the substantive fiduciary analysis (whether the investment option is prudent for the plan, whether participant-direction satisfies the &#167;404(c) safe harbor for participant-directed plans, whether the plan&#8217;s investment-policy statement appropriately addresses digital-asset risks) is unaffected by CLARITY.</p><p>The DOL is likely to revisit its 2022 guidance in light of CLARITY&#8217;s structural commitments. The substantive direction is uncertain. The pre-2022 DOL position on alternative investments in defined-contribution plans (Information Letter 06-03-2020 on private-equity investments) was relatively permissive, with the fiduciary duty applying to the inclusion decision but not categorically barring the investment class. The post-2022 position has been more cautious. CLARITY, if enacted, will trigger the next round.</p><p>The substantive fiduciary risk for plan fiduciaries who include digital-asset investment options is the principal practical concern. A plan fiduciary who includes a Bitcoin index fund in a 401(k) menu and sees substantial participant losses faces potential &#167;502 fiduciary-breach litigation. The defenses available to the fiduciary (procedural prudence, qualifications of the third-party investment manager, alignment with plan investment policy) are the conventional ERISA defenses. CLARITY does not change the substantive standard or the available defenses. It simply removes the categorical structural concern that digital-asset investments are impermissible per se.</p><h4>State Law: UCC Article 12 and State Money-Ttransmitter Llicensing</h4><p>State-law adoption of UCC Article 12 on controllable electronic records is the principal property-law question. As of mid-2026, approximately thirty states have adopted Article 12 in full or in substantial part. The &#167;505(b) sense-of-Congress endorsement does not accelerate adoption. The remaining states (including substantial economic centers) operate under the pre-Article 12 property-law framework, which produces uncertainty about how digital assets are owned, transferred, and pledged as collateral.</p><p>The structural consequence is that the choice of state law for digital-asset transactions matters. A transaction governed by Delaware law (which has adopted Article 12) sits in a clearer property-law framework than one governed by New York law (which has not, as of mid-2026, adopted Article 12 in full). Cross-border transactions involving multiple state-law venues face additional complexity. Venue selection should follow the Article 12 adoption map, and transaction documentation should address the property-law questions explicitly.</p><p>State money-transmitter licensing for DeFi front-ends is the second principal state-law question. The FinCEN 2019 guidance and the &#167;604 BRCA framework address federal money-transmitter status for non-controlling developers and providers. State money-transmitter laws are not preempted by &#167;604. A state could, in theory, take a more aggressive position on state-money-transmitter status for DeFi front-end operators than FinCEN takes on federal money-transmitter status. The structural reality is that the major state money-transmitter regulators (the New York DFS, the California DFPI, the Texas Department of Banking) have generally tracked the federal position, but divergence is possible.</p><p>The &#167;15H(g)(1) federal preemption provision in the Exchange Act amendment under &#167;601 preempts state securities, commodities, and digital-asset laws as applied to the &#167;15H(b) software-developer activities. The preemption does not extend to state money-transmitter laws (which are not securities, commodities, or digital-asset laws in the federal sense). The structural effect is that state money-transmitter regulation of DeFi remains a state-law question, with the FinCEN federal framework providing interpretive support but not preemptive authority.</p><h4>Cross-Border Tax Treatment of Foreign-Issued Network Tokens</h4><p>The cross-border tax treatment of foreign-issued network tokens is the principal cross-border tax question. A token issued by a foreign foundation (a Cayman Islands foundation, a Marshall Islands DAO LLC, a Swiss foundation), held by a U.S. person, and producing yield through fee distributions or staking rewards, raises a series of questions. Is the U.S. person&#8217;s holding a PFIC under &#167;&#167; 1291-1298? Is the foundation a CFC under &#167;&#167; 951-965? Is the holder&#8217;s income subpart F income or GILTI? Is the holding subject to &#167;1297 PFIC look-through rules?</p><p>The IRS has not addressed these questions for digital-asset structures with formal guidance, and CLARITY does not address them. The structural reality is that U.S. persons holding foreign-issued network tokens face substantial tax-compliance uncertainty. The practical posture for most retail holders is that the holdings are too small to trigger PFIC or CFC analysis, but for institutional holders and high-net-worth individuals, the structural analysis is meaningful and unresolved.</p><p>The &#167;1297 PFIC look-through rules deserve specific attention. A foreign entity is a PFIC if 75% or more of its gross income for the taxable year is passive income, or if 50% or more of its assets produce passive income. A foreign foundation issuing a token whose value is largely derived from holding the token&#8217;s underlying protocol infrastructure may not be a PFIC under a substance-based reading. But the IRS has not provided guidance on how to apply the PFIC tests to digital-asset structures, and the structural analysis is uncertain.</p><h4>&#167;864(b)(2) Safe Harbor for Foreign Ttraders in Digital Commodities</h4><p>The trading-safe-harbor provisions of &#167;864(b)(2)(A) (stocks and securities) and &#167;864(b)(2)(B) (commodities) permit foreign persons to trade through U.S. brokers without being treated as engaged in a U.S. trade or business. The structural reality is that U.S. trading infrastructure (brokers, exchanges, custodians) is the natural counterparty for foreign trading activity, and the &#167;864(b)(2) safe harbors permit foreign traders to use that infrastructure without triggering ECI exposure.</p><p>Whether digital commodities fit within the &#167;864(b)(2) safe harbors is a substantive question. The &#167;864(b)(2)(A) stocks-and-securities safe harbor applies to &#8220;stocks or securities&#8221; as defined in the section. Digital commodities are not stocks; whether they are &#8220;securities&#8221; for &#167;864(b)(2)(A) purposes is the question. The &#167;864(b)(2)(B) commodities safe harbor applies to &#8220;commodities of a kind customarily dealt in on an organized commodity exchange&#8221; if the transactions &#8220;are of a kind customarily consummated at such place.&#8221; Digital commodities trade on cryptocurrency exchanges that are not, in the conventional sense, &#8220;organized commodity exchange[s],&#8221; and the structural fit with &#167;864(b)(2)(B) is uncertain.</p><p>The Treasury Regulation under &#167;864(b)(2), Treas. Reg. &#167; 1.864-7(d), addresses agent imputation: trading through a U.S. agent does not create a U.S. trade or business if the agent is an independent agent acting in the ordinary course of its business. The structural analysis for digital-asset trading is whether the U.S. crypto-exchange operating as the trading venue is an independent agent for &#167;1.864-7(d) purposes.</p><p>CLARITY does not address &#167;864(b)(2) treatment of digital commodities. The Lummis-Gillibrand RFIA framework contains specific safe-harbor extensions; CLARITY does not. Foreign traders in digital commodities have to evaluate the &#167;864(b)(2) treatment on a fact-specific basis, with the conservative position being that the safe harbors apply by analogy and the aggressive position being that the absence of statutory clarification means the safe harbors apply by their terms.</p><h4>Residual CFTC Jurisdiction</h4><p>The CFTC&#8217;s authority over digital commodity intermediaries under the new Commodity Exchange Act &#167;1a is operationally significant but structurally complex. CLARITY establishes the CFTC as the primary regulator for digital commodity activity that is not within the SEC&#8217;s &#167;4B-and-&#167;301 framework. The CFTC&#8217;s authority extends to digital commodity brokers, digital commodity dealers, digital commodity exchanges, and related intermediaries. The structural framework is parallel to the CFTC&#8217;s authority over commodity futures intermediaries under the existing CEA.</p><p>The substantive scope of the CFTC&#8217;s authority is, however, contested. The residual question is which digital commodity activities are within CFTC jurisdiction and which are not. Network tokens are digital commodities for CLARITY purposes, but the &#167;4B framework applies to ancillary assets (a subset of network tokens) and operates as a SEC-regulated disclosure regime. The CFTC&#8217;s authority over network tokens that are not ancillary assets is direct. The CFTC&#8217;s authority over network tokens that are ancillary assets sits alongside the SEC&#8217;s &#167;4B authority, with the boundary requiring inter-agency coordination.</p><p>&#167;902 directs the SEC and CFTC to enter into a memorandum of understanding addressing the boundary issues. The MOU is the principal mechanism for resolving residual jurisdictional questions. The structural effect is that the boundary between SEC and CFTC authority over digital-asset activity is not finally resolved by CLARITY; it is delegated to inter-agency coordination through the MOU process.</p><h4>&#167;906 Effective Dates and Rulemaking Calendar</h4><p>&#167;906 establishes the effective-date framework. Most CLARITY provisions are effective on enactment, but the substantive operational requirements depend on the rulemaking timeline. &#167;905 directs rulemaking on a broad range of topics, with deadlines varying by topic. The principal rulemakings to watch over the 12-24 months following enactment are:</p><p>The SEC rulemaking under &#167;105(a) on the value-from-network rule for network tokens. One year deadline. The rulemaking will define when a network token is not considered to provide a disqualifying right under &#167;4B(a)(7)(B). The stakes: the rule sets the operational scope of network-token status.</p><p>The SEC rulemaking under &#167;4B(a)(5)(B)(iv)(II) on custodial and ancillary staking services. The rulemaking will define when custodial staking services are &#8220;exclusively administrative or ministerial in nature.&#8221; That line decides whether bank-and-exchange custodial staking products fit within the gratuitous-distribution framework.</p><p>The joint SEC-CFTC-Treasury rulemaking under &#167;404(c)(3) on stablecoin yield. One year deadline. The rulemaking will draw the line between deposit-equivalent yield (prohibited) and activity-based rewards (permitted). Stablecoin product design lives or dies on where that line lands.</p><p>The SEC rulemaking under &#167;301(b) on non-decentralized finance trading protocols. The rulemaking will determine which DeFi protocols are subject to Exchange Act registration and BSA obligations. The operational status of the major DeFi protocols turns on this one.</p><p>The Treasury rulemaking under &#167;307(c) on the self-hosted wallet risk assessment. The assessment will inform any subsequent Treasury guidance and is the operational ground for future framework decisions.</p><p>The joint SEC-CFTC rulemaking under &#167;402 on portfolio margining. The rule will address cross-margining of securities, swaps, futures, and digital commodities, with bankruptcy and SIPA treatment implications.</p><p>The Federal Reserve-OCC-FDIC rulemaking under &#167;403 on capital requirements for netting agreements. One year deadline. The rule will address capital recognition for close-out netting of digital-commodity transactions.</p><p>The SEC rulemaking under &#167;15H(d) on the four additional categories of DeFi-related activities (user interfaces, DGS administration, DEX participation, wallet-software distribution). The rulemaking will define the operational safe harbors for software developers and publishers.</p><p>The structural reality is that the operational landscape after enactment will be shaped by these rulemakings as much as by the statutory text. The comment-letter process is where those lines get drawn, and it will reward aggressive engagement, individually and through trade associations.</p><h4>The Unanswered Architectural Question: Agency Capacity</h4><p>The principal unanswered question that runs across all of the above is whether the SEC, CFTC, Treasury, and the federal banking agencies have the capacity to execute the rulemaking calendar in the deadlines CLARITY establishes. The SEC has substantial digital-asset expertise developed during the enforcement era; the question is whether that expertise can be redeployed effectively to rulemaking. The CFTC has historically been understaffed for its mandate; the substantial expansion of jurisdiction under CLARITY does not come with proportionate budget increases.</p><p>The structural risk is that the post-enactment operational framework develops more slowly than the statutory deadlines envision, with the industry operating in interpretive uncertainty until the rulemakings are finalized. The &#167;4B(d)(3) deemed-approval mechanisms and the &#167;305 good-faith-reliance safe harbors provide some structural protection during the interpretive interim. The &#167;906 effective-date framework provides additional structural protection by deferring substantive operational requirements until rulemakings are complete.</p><h4>The Watchlist</h4><p>The watchlist is the rulemaking calendar, the cross-reference legislation (Lummis-Gillibrand RFIA for tax, state UCC Article 12 adoption for property law, EU AMLR coordination for cross-border AML), and the inter-agency coordination mechanisms (SEC-CFTC MOU, Treasury-federal-banking-agency coordination, federal-state coordination on money-transmitter and securities-blue-sky issues).</p><p>The architectural commitments are now in bill text awaiting a signature. The operational details are in flux. The next twelve to twenty-four months will determine the practical scope of those commitments. Lawyers who engage in the rulemaking process, monitor the companion calendars, and track state-law adoption will advise with more certainty than those who treat CLARITY as a finished framework. The bill is a foundation, not a building. The building is still under construction.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/what-clarity-doesnt-do?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/what-clarity-doesnt-do?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/what-clarity-doesnt-do?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[CLARITY: §305's Temporary Hold]]></title><description><![CDATA[Pre-Seizure Freezes by Private Order]]></description><link>https://davidlopezkurtz.substack.com/p/clarity-305s-temporary-hold</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/clarity-305s-temporary-hold</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Fri, 03 Jul 2026 16:01:20 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!lQcW!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>The U.S. anti-illicit-finance framework has long included pre-seizure freeze mechanisms operating at the boundary between private-actor and law-enforcement authority. Banks have, for decades, exercised authority to refuse or delay suspicious transactions under the safe harbor of 31 U.S.C. &#167; 5318(g)(3), with notification protocols and immunity from private rights of action for good-faith implementation. The Right to Financial Privacy Act, 12 U.S.C. &#167;&#167; 3401-3423, governs the data-disclosure side of these holds. FinCEN 314(a) information-sharing requests permit law-enforcement-driven targeting of specific accounts. The cumulative framework operates through documented procedures, qualified immunity, and limited duration, with the understanding that pre-seizure freezes are tools for fraud and AML compliance rather than independent law-enforcement authority.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!lQcW!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!lQcW!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png 424w, https://substackcdn.com/image/fetch/$s_!lQcW!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png 848w, https://substackcdn.com/image/fetch/$s_!lQcW!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png 1272w, https://substackcdn.com/image/fetch/$s_!lQcW!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!lQcW!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png" width="1396" height="864" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/a1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:864,&quot;width&quot;:1396,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2178492,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201510507?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!lQcW!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png 424w, https://substackcdn.com/image/fetch/$s_!lQcW!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png 848w, https://substackcdn.com/image/fetch/$s_!lQcW!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png 1272w, https://substackcdn.com/image/fetch/$s_!lQcW!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1caf751-5e52-4d7f-9eca-627af7fd86df_1396x864.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>&#167;305 of CLARITY would extend this framework to digital-asset transactions. A covered person (a permitted payment stablecoin issuer, a registered foreign issuer, or a digital-asset service provider) may implement a &#8220;temporary hold&#8221; delaying execution of a transaction, conversion, or withdrawal for up to 30 calendar days, extendable to 180 days by qualified written request from a covered agency. The trigger is either (i) a reasonable belief the transaction relates to an action or attempted violation of state or federal law, or (ii) a qualified written request from a covered law-enforcement agency. &#167;305(b) provides immunity from private rights of action for good-faith compliance. The structural similarity to the &#167;5318(g)(3) bank-fraud-hold framework is intentional.</p><h4>The &#167;305(a) Definitions and the &#167;305(b) Immunity</h4><p>&#167;305(a) provides the operative definitions. A &#8220;covered agency&#8221; is any state or federal law-enforcement agency, including the Department of the Treasury. A &#8220;covered person&#8221; is a permitted payment stablecoin issuer, a registered foreign payment stablecoin issuer, or a digital-asset service provider as defined in &#167;2 of the GENIUS Act. A &#8220;qualified written request&#8221; is a written communication from an authorized official of a covered agency that (A) identifies a specific wallet, address, account, or transaction reasonably suspected of being linked to illicit activity; (B) requests the covered person initiate an action with respect to the specified wallet, address, account, or transaction, including delaying the execution of a transaction, conversion, or withdrawal; and (C) includes a designated agency contact. A &#8220;temporary hold&#8221; is a restriction applied by a covered person that delays execution of a transaction, conversion, or withdrawal involving digital assets for a reasonable period of time, not to exceed 30 calendar days, extendable to an additional 150 calendar days (for a total of 180 days) pursuant to a qualified written request.</p><p>&#167;305(b)(1) is the immunity provision. A covered person that implements a temporary hold in good faith and in compliance with &#167;305 is not liable under any federal or state private right of action for implementing the hold, provided three conditions. (A) The covered person implements the hold based on reasonable belief the transaction relates to an action or attempted violation of state or federal law, or after receiving a qualified written request from a covered agency. (B) The covered person makes reasonable efforts to notify the affected customer of the hold, or reasonably determines that notification would impede actual or potential law-enforcement efforts, or receives a qualified written request that requests notification not be attempted. (C) The covered person notifies as soon as reasonably practicable an appropriate state or federal law-enforcement agency or the Federal Trade Commission, unless the covered person has received a qualified written request from a covered agency (which functions as the equivalent of advance notification).</p><p>The three conditions are structured as alternatives within each subparagraph. Reasonable-belief implementation or qualified-written-request implementation under (A); notification or non-impediment determination or qualified-written-request-with-non-notification under (B); law-enforcement notification or qualified-written-request-substitute under (C). The structural intent is to permit either private-actor-initiated holds (with notification to law enforcement) or law-enforcement-initiated holds (with no separate law-enforcement notification required because the request itself constitutes coordination).</p><p>&#167;305(b)(2) requires the covered person to maintain documentation for three years following the implementation of a hold, and to make the documentation available to a covered agency, the FTC, or the Secretary of the Treasury upon request. The documentation requirement operates as the audit trail for the hold mechanism and as the basis for any subsequent regulatory review.</p><h4>The Qualified-Written-Request Structure</h4><p>The qualified-written-request mechanism is the structural innovation of &#167;305. It permits law-enforcement agencies to obtain pre-seizure freezes on specific digital-asset wallets, addresses, accounts, or transactions through a written request rather than through judicial process. The Right to Financial Privacy Act, 12 U.S.C. &#167;&#167; 3401-3423, regulates law-enforcement access to financial records and ordinarily requires customer notice and either consent or judicial process. The &#167;305 framework operates as a parallel pre-seizure freeze authority that does not require judicial process but is subject to specific procedural requirements.</p><p>The structural elements of the qualified written request matter. (A) requires identification of a specific wallet, address, account, or transaction. Generic or category-based requests do not qualify. The request must be targeted to specific assets or specific transactions reasonably suspected of being linked to illicit activity. (B) requires the request to specify the action sought (delay, hold, or similar restriction). The request cannot be a generic monitoring or surveillance request; it must specify the freeze action. (C) requires a designated agency contact, which provides accountability for the request and a point of contact for further coordination.</p><p>The reasonable-suspicion standard is operationally important. The qualified written request must identify the targeted assets as &#8220;reasonably suspected of being linked to illicit activity.&#8221; The reasonable-suspicion standard is below probable cause (which would be the standard for judicial process) but above arbitrary or pretextual suspicion. The structural choice is to permit law-enforcement intervention at a lower evidentiary threshold than judicial process while requiring specific targeting and articulable basis.</p><p>The 30-day initial freeze and 180-day maximum freeze are calibrated against the structural realities of digital-asset investigation. A 30-day initial freeze gives law enforcement time to develop additional investigative facts. A 180-day maximum total freeze (with one extension) is the practical upper bound for pre-seizure investigation before judicial process is required for continued asset control. The framework operates as a bridge between the immediate suspicion-of-illicit-activity moment and the formal judicial-process moment that follows.</p><h4>The Reasonable-Belief Alternative</h4><p>&#167;305(b)(1)(A)(i) permits a covered person to implement a hold based on the covered person&#8217;s own reasonable belief that the transaction relates to an action or attempted violation of state or federal law. The covered-person-initiated hold operates without law-enforcement involvement at the front end. The covered person makes its own reasonable-belief assessment, implements the hold, notifies law enforcement, and maintains documentation.</p><p>The reasonable-belief standard is the covered person&#8217;s belief, supported by articulable facts available to it. The standard maps onto the bank-fraud-hold framework under &#167;5318(g)(3) and the SAR-filing reasonable-suspicion standard. Compliance staff at digital-asset service providers, like compliance staff at banks, develop transaction-monitoring programs that flag suspicious transactions based on pattern recognition, blockchain analytics, sanctions screening, and similar tools. A flagged transaction that supports a reasonable belief of legal violation can be subject to a &#167;305 hold.</p><p>The structural protection under &#167;305(b)(1) is that the covered person&#8217;s reasonable-belief determination receives qualified immunity from private rights of action. A customer whose transaction is held under &#167;305(b)(1)(A)(i) cannot, by virtue of the &#167;305 immunity, recover damages from the covered person for the hold, even if the suspicion turns out to be incorrect, provided the covered person complied with the &#167;305 procedural requirements. The structural choice is to encourage covered persons to exercise reasonable-belief hold authority by providing immunity for good-faith implementation.</p><h4>&#167;305(c) Rules of Construction</h4><p>&#167;305(c) provides four rules of construction limiting the &#167;305 framework. Each is structurally important.</p><ul><li><p>&#167;305(c)(1) clarifies that nothing in &#167;305 compels or requires any covered person to take action to freeze, seize, or block digital assets that is not otherwise required under existing federal or state law. The &#167;305 framework is permissive, not compulsory. A covered person may implement a &#167;305 hold; it is not required to. The structural choice is to provide a safe harbor for proactive compliance without imposing affirmative obligations.</p></li><li><p>&#167;305(c)(2) preserves federal-agency enforcement authority. The &#167;305 framework does not limit or alter the authority of any government agency, including with respect to authority to pursue enforcement actions. The structural commitment is that &#167;305 is a private-actor tool, not a regulatory framework that displaces conventional enforcement authority.</p></li><li><p>&#167;305(c)(3) preserves &#167;5318(g)(3) and SAR-filing requirements. The &#167;305 framework does not limit or affect the &#167;5318(g)(3) safe harbor or any regulation requiring financial institutions to report suspicious activity, and it does not limit or affect any lawful authority to seize or freeze assets pursuant to a lawful order or sanctions designation. The structural commitment is that &#167;305 operates alongside the existing AML/CFT framework rather than displacing it.</p></li><li><p>&#167;305(c)(4) addresses extraterritorial application. The &#167;305 framework does not limit the ability of a covered person to apply a temporary hold to any wallet, address, account, or transaction located outside the United States. The structural choice is to permit covered persons to implement holds on extraterritorial assets within their control, consistent with the structural reality that digital-asset transactions are inherently cross-border.</p></li></ul><h4>&#167;305(e) Court-Order Compliance for PPSIs</h4><p>&#167;305(e) imposes a separate compliance obligation on permitted payment stablecoin issuers. A PPSI shall comply with any valid writ, process, order, rule, decree, command, or other requirement issued or promulgated under federal law by a court of competent jurisdiction that (1) requires a person to freeze or prevent the transfer of payment stablecoins; (2) specifies the payment stablecoins or accounts subject to blocking with reasonable particularity; and (3) is subject to judicial or administrative review or appeal, as provided by law.</p><p>The &#167;305(e) court-order-compliance framework is structurally distinct from the &#167;305(a)-(d) qualified-written-request framework. The court-order framework involves judicial process (a writ or order issued by a court), specific particularity (the stablecoins or accounts subject to blocking must be identified with reasonable particularity), and judicial review (the order must be subject to review or appeal). The framework operates as the formal-process counterpart to the &#167;305(a)-(d) qualified-written-request-and-reasonable-belief framework.</p><p>The PPSI-specific scope of &#167;305(e) reflects the structural importance of stablecoin compliance for the broader payments system. PPSIs are the regulated issuers of dollar-denominated stablecoins under the GENIUS Act framework. Their compliance with court-ordered freezes is operationally significant because PPSIs have the technical authority to freeze stablecoins (typically through the smart-contract permissions in the stablecoin contracts). The &#167;305(e) framework commits PPSIs to using that authority in compliance with judicial process.</p><p>The structural significance of &#167;305(e) is that PPSIs operate under judicial-process-compliance obligations parallel to those of traditional financial intermediaries. A court-ordered freeze of a bank account is followed; a court-ordered freeze of a stablecoin balance held in a PPSI-issued stablecoin must also be followed. The framework treats PPSIs as functional equivalents of banks for court-process purposes.</p><h2>Civil-liberties concerns and the structural guardrails</h2><p>The &#167;305 framework will draw civil-liberties concerns. Pre-seizure freezes by private actors, with qualified immunity and reduced procedural protections compared to judicial process, are inherently in tension with the Right to Financial Privacy Act framework and with Fourth Amendment principles. <em>Carpenter v. United States</em>, 585 U.S. 296 (2018), tightened the Fourth Amendment analysis for digital data held by third parties. The third-party doctrine that historically supported broad government access to bank records is more constrained post-<em>Carpenter</em>. Civil-forfeiture jurisprudence, including <em>Timbs v. Indiana</em>, 586 U.S. 146 (2019), has tightened the constitutional limits on pre-conviction asset seizure.</p><p>The &#167;305 framework&#8217;s structural guardrails are responsive to these concerns. The qualified-written-request requirement provides specificity (specific wallet, address, account, or transaction must be identified). The reasonable-suspicion standard provides articulability (the request must identify the targeted assets as reasonably suspected of being linked to illicit activity). The 30-day initial limit and 180-day maximum provide duration constraints. The notification requirements (unless impediment is reasonably determined or the qualified written request requests non-notification) preserve customer notice. The documentation requirements (three-year retention, agency access) provide audit-trail accountability.</p><p>The structural balance is the policy choice: pre-seizure intervention at a lower evidentiary threshold than judicial process, with procedural protections calibrated to the digital-asset transaction-velocity context. Whether the balance is correct is a contestable policy judgment. The &#167;305 framework&#8217;s structural commitments are at least more articulate than the alternative posture of either (i) no pre-seizure freeze authority for digital-asset transactions, leaving illicit-finance flows unrestrained until judicial process is obtained, or (ii) broad pre-seizure freeze authority without specific procedural protections.</p><p>The most direct civil-liberties analog to &#167;305 is the OFAC Tornado Cash designation arc. The August 8, 2022 OFAC SDN listing of Tornado Cash smart-contract addresses functioned as a pre-seizure asset block, with the OFAC designation operating as the trigger and the IEEPA enforcement framework operating as the legal basis. <em>Coin Center v. Yellen</em>, 5:22-cv-00149 (E.D. Ky.), and <em>Van Loon v. Department of the Treasury</em>, 122 F.4th 549 (5th Cir. 2024), litigated the constitutional limits of that mechanism, with the Fifth Circuit holding in <em>Van Loon</em> that immutable smart contracts were not &#8220;property&#8221; capable of being blocked under IEEPA. The &#167;305 framework is structurally distinct from the OFAC framework: &#167;305 operates against transactions held by covered persons within their control, not against immutable smart contracts. But the policy concerns about pre-seizure asset restraint apply across both frameworks.</p><h4>&#167;306 Voluntary Cybersecurity Program</h4><p>&#167;306 sits structurally adjacent to &#167;305. It directs NIST to establish a voluntary cybersecurity program for persons developing decentralized finance trading protocols or engaging in &#167;15H(b) covered activities (as defined in &#167;601, covered in Post #7 of this series). The program criteria address cybersecurity threats, vulnerabilities, auditing and code-security standards, consumer protection, and transparency. The program is voluntary, but adoption can be displayed publicly and federal agencies must consider adoption as evidence of good-faith compliance with the law.</p><p>The &#167;306 program operates as a soft-law complement to the &#167;305 hard-law freeze mechanism. The structural choice is to provide both enforcement-side tools (&#167;305 holds) and compliance-side tools (&#167;306 cybersecurity program) to address the digital-asset illicit-finance ecosystem. Protocols that adopt NIST cybersecurity standards under &#167;306 receive recognition that operates as a defensive shield in subsequent regulatory analysis.</p><h4>Building the Hold Protocol</h4><p>Four program-design consequences follow for covered persons.</p><ul><li><p>First, the &#167;305 framework is permissive and operationally significant. Covered persons can implement temporary holds based on reasonable belief of legal violation or qualified written requests from law-enforcement agencies. The immunity from private rights of action is the structural protection that makes the framework usable in practice. Compliance teams should develop transaction-monitoring programs, escalation protocols, and documentation procedures consistent with the &#167;305 framework.</p></li><li><p>Second, the documentation requirement does real work. The three-year retention period applies to every temporary hold implemented under &#167;305. Compliance programs should ensure that the basis for each hold (whether reasonable-belief or qualified-written-request) is captured in writing, with supporting evidence and the procedural steps taken. The documentation will be the audit trail for any subsequent regulatory review and the basis for the &#167;305(b) immunity protection.</p></li><li><p>Third, the qualified-written-request framework requires coordination with law-enforcement agencies. Covered persons should establish points of contact with the relevant law-enforcement agencies (state and federal), develop response protocols for incoming qualified written requests, and ensure that procedural compliance is consistent. The structural framework operates only if both sides (covered person and covered agency) execute the procedural requirements correctly.</p></li><li><p>Fourth, the &#167;305(e) court-order-compliance framework for PPSIs is structurally important for stablecoin issuers. PPSIs should establish compliance programs for court-ordered freezes, including technical capability to implement freezes on specific stablecoin balances, procedures for verifying court-order validity and specificity, and coordination with the Office of the Comptroller of the Currency on supervisory matters relating to court-order compliance.</p></li></ul><p>The &#167;305 framework, like much of CLARITY&#8217;s anti-illicit-finance architecture, balances enforcement effectiveness with civil-liberties protection. The balance is contestable on policy grounds. But the structural commitments are at least articulated: targeted requests, specific procedural requirements, duration limits, notification obligations, and documentation requirements. The framework provides covered persons with usable compliance tools and law-enforcement agencies with usable investigative tools, while preserving customer protections that exceed what is available today through the OFAC designation framework or the &#167;5318(g)(3) bank-fraud-hold analog.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/clarity-305s-temporary-hold?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/clarity-305s-temporary-hold?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/clarity-305s-temporary-hold?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p><p></p>]]></content:encoded></item><item><title><![CDATA[§307 and the Self-Hosted Wallet Question]]></title><description><![CDATA[What's a Monetary Instrument When you Hold Your Own Keys?]]></description><link>https://davidlopezkurtz.substack.com/p/307-and-the-self-hosted-wallet-question</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/307-and-the-self-hosted-wallet-question</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Wed, 01 Jul 2026 16:01:27 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ixR3!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>The FinCEN proposal that became Notice 2020-CVC-2 was published on December 23, 2020, three weeks after the Mnuchin Treasury Department announced the end-of-term initiative to subject self-hosted wallet transactions to reporting and recordkeeping requirements equivalent to those for traditional financial-institution wires. The proposed rule would have required money services businesses to collect, record, and report transactions with self-hosted wallets above defined thresholds, including the identity of the counterparty controlling the self-hosted wallet. Coin Center filed comments characterizing the proposal as unconstitutional under the Fourth Amendment, the First Amendment, and the Administrative Procedure Act. The Biden administration withdrew the proposed rule in early 2021 but the underlying policy concern (illicit-finance flows through self-hosted wallets that bypass regulated financial intermediaries) persisted across two administrations. The OFAC designation of Tornado Cash smart-contract addresses on August 8, 2022, then Coin Center v. Yellen, 5:22-cv-00149 (E.D. Ky.), then Van Loon v. Department of the Treasury, 122 F.4th 549 (5th Cir. 2024), then the OFAC withdrawal of the designations in March 2025, made clear that the regulatory authority over self-hosted wallets was both constitutionally constrained and politically contested.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!ixR3!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!ixR3!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png 424w, https://substackcdn.com/image/fetch/$s_!ixR3!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png 848w, https://substackcdn.com/image/fetch/$s_!ixR3!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png 1272w, https://substackcdn.com/image/fetch/$s_!ixR3!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!ixR3!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png" width="778" height="759" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/b0946879-0028-4dd7-97cc-918384c2d934_778x759.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:759,&quot;width&quot;:778,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1204373,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201507589?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!ixR3!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png 424w, https://substackcdn.com/image/fetch/$s_!ixR3!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png 848w, https://substackcdn.com/image/fetch/$s_!ixR3!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png 1272w, https://substackcdn.com/image/fetch/$s_!ixR3!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0946879-0028-4dd7-97cc-918384c2d934_778x759.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>&#167;307 of CLARITY answers the self-hosted wallet question structurally. &#167;307(b) amends 31 U.S.C. &#167; 5312(a)(3)(D) to expressly include digital assets within &#8220;monetary instruments,&#8221; which has cascading BSA implications. &#167;307(c) requires Treasury to conduct a national-strategy risk assessment that explicitly weighs both illicit-finance risks and civil-liberties benefits of self-hosted wallets. &#167;307(d) is the operational constraint: any Treasury guidance &#8220;shall not require a regulated entity to collect... personally identifiable information about the controller of a self-hosted wallet when the controller is not both the customer of the regulated entity and a party to such transaction, except as required by Federal law, including United States sanctions laws and regulations or lawful process.&#8221; The 2020 FinCEN NPRM in the form it took would be foreclosed.</p><h4>&#167;307(b) and the Monetary-Instrument Amendment</h4><p>&#167;307(b) is short but has cascading consequences. The amendment to 31 U.S.C. &#167; 5312(a)(3)(D) inserts &#8220;including digital assets (as defined in section 2 of the GENIUS Act (12 U.S.C. 5901)), as may be applicable,&#8221; after &#8220;value&#8221; in the existing statutory text. The pre-amendment text included &#8220;any other instrument or evidence of value, including stored value.&#8221; The post-amendment text includes digital assets within that residual category, with an &#8220;as may be applicable&#8221; qualifier that preserves Treasury&#8217;s interpretive flexibility on which digital-asset transactions fall within the BSA monetary-instrument framework.</p><p>The structural significance of the &#167;5312(a)(3)(D) amendment runs through the BSA. The monetary-instrument definition is the threshold definition that triggers the BSA&#8217;s reporting and recordkeeping framework. Form 8300 reporting (cash transactions over $10,000), suspicious activity reporting (SAR), currency transaction reporting (CTR), and the various record-retention requirements operate against a monetary-instrument predicate. Inclusion of digital assets within the monetary-instrument definition extends the BSA framework to digital-asset transactions, at least in principle.</p><p>The &#8220;as may be applicable&#8221; qualifier is the operational constraint. Not every digital-asset transaction is subject to BSA reporting. Treasury retains authority to specify which digital-asset transactions fall within the BSA framework through rulemaking, guidance, and interpretive positions. The qualifier preserves Treasury&#8217;s flexibility to draw lines that reflect the operational realities of digital-asset transactions: peer-to-peer transactions on permissionless networks, smart-contract interactions, decentralized-exchange transactions, and self-hosted-wallet transactions raise different policy considerations than custodial-intermediary transactions.</p><p>The &#167;307(b) amendment also has cross-references throughout the BSA framework. The &#167;5318 customer due diligence and SAR-filing requirements operate against monetary-instrument transactions. The &#167;5331 reporting of nonfinancial trades or businesses operates against monetary-instrument transactions. The &#167;5332 bulk-cash-smuggling provisions operate against monetary instruments. Each of these provisions would reach digital-asset transactions to the extent Treasury implements them. The &#167;307(d) operational constraint then layers on top, limiting how Treasury may implement these provisions with respect to self-hosted wallets specifically.</p><h4>&#167;307(c) the Treasury Risk Assessment</h4><p>&#167;307(c) directs Treasury, as part of the national strategy for combating terrorist and other illicit financing required under &#167;&#167; 261 and 262 of the Countering America&#8217;s Adversaries Through Sanctions Act, to consider eight enumerated factors. The list is structurally important because it builds civil-liberties analysis into the regulatory baseline.</p><ul><li><p>(1) illicit activity, such as money laundering and sanctions evasion, involving self-hosted wallets. This is the conventional illicit-finance framing. Treasury is required to assess and quantify the illicit-finance flows through self-hosted wallets, which is what FinCEN had attempted to do as the justification for the 2020 NPRM.</p></li><li><p>(2) the effectiveness of, and gaps in, existing methods, techniques, and strategies used by regulated financial institutions in detecting illicit activity involving self-hosted wallets. This is a regulatory-effectiveness assessment that asks whether existing tools (blockchain analytics, transaction monitoring at on-ramps and off-ramps, sanctions screening at custodial intermediaries) are adequate or whether additional tools are needed. The structural choice is to require Treasury to demonstrate the inadequacy of existing tools before proposing new ones.</p></li><li><p>(3) any illicit actors, including nation-state actors, that pose a high risk of facilitating illicit activity through the use of self-hosted wallets. This is the threat-actor assessment. North Korean state-sponsored cyber actors (the Lazarus Group and similar operations) have used self-hosted wallets to launder proceeds from cryptocurrency exchange hacks. Russian sanctioned entities have used self-hosted wallets to attempt sanctions evasion. The threat assessment is required, but it is structured to focus on specific actors rather than on self-hosted wallets generally.</p></li><li><p>(4) is the civil-liberties counter-balance. Treasury is required to consider &#8220;the benefits of the use of self-hosted wallets to (A) enhance user privacy and civil liberties through direct asset custody; and (B) expand financial inclusion and access for communities underserved by traditional financial institutions.&#8221; This is the structurally important provision. The 2020 FinCEN NPRM did not engage seriously with the civil-liberties and financial-inclusion benefits of self-hosted wallets. The &#167;307(c)(4) directive requires Treasury to do so in the current risk-assessment cycle.</p></li><li><p>(5) end-user and counterparty risks associated with self-hosted wallets, including consumer fraud, cybersecurity, and identity verification. This is the consumer-protection assessment. Self-hosted wallets impose user-protection costs (lost keys, phishing, fraud) that custodial intermediaries internalize. The assessment is required to quantify these costs.</p></li><li><p>(6) the use of hardware self-hosted wallets to smuggle digital assets for financing cross-border illicit activity. This is the bulk-cash-smuggling analog. The pre-CLARITY policy debate on this issue centered on whether physical hardware wallets carrying private keys to substantial digital-asset balances are functionally equivalent to bulk-cash transportation across borders. The assessment is required to address the question empirically.</p></li><li><p>(7) the use of hardware self-hosted wallets for tax evasion and asset concealment. The IRS and Treasury&#8217;s tax-enforcement assessment of self-hosted wallet usage. The cross-reference to the &#167;6045 broker-reporting framework and the <em>Coin Center v. Treasury</em> litigation is implicit.</p></li><li><p>(8) other considerations the Secretary may determine appropriate. The residual clause allowing Treasury flexibility on the assessment scope.</p></li></ul><p>The cumulative structure of &#167;307(c) is to require a balanced risk assessment that internalizes civil-liberties and financial-inclusion analysis alongside the conventional illicit-finance analysis. The pre-CLARITY assessment posture, which produced the 2020 FinCEN NPRM, focused predominantly on illicit-finance concerns without serious engagement with the civil-liberties counter-weights. &#167;307(c)(4) and the requirement for assessment under the national-strategy framework would structurally constrain Treasury to do better in the next cycle.</p><h4>&#167;307(d) the Operational Constraint</h4><p>&#167;307(d) is where the rubber meets the road. The Secretary of the Treasury &#8220;may issue guidance for financial institutions that transact with self-hosted wallets based on the results of the research on benefits and risks required under subsection (c), which shall not (1) require a regulated entity to collect, with respect to any transaction, personally identifiable information about the controller of a self-hosted wallet when the controller is not both the customer of the regulated entity and a party to such transaction, except as required by Federal law, including United States sanctions laws and regulations or lawful process; or (2) be construed to hinder, restrict, or otherwise impair the authority of any Federal agency to investigate, detect, counteract, or prevent illegal activity.&#8221;</p><p>The &#167;307(d)(1) constraint would foreclose the central element of the 2020 FinCEN NPRM. Treasury could not require a regulated financial institution to collect PII about the controller of a self-hosted wallet who is not both a customer of the institution and a party to the specific transaction. The structural carve-outs are (i) other federal law that requires the collection (including U.S. sanctions law), and (ii) lawful process (subpoenas, court orders, search warrants).</p><p>The 2020 FinCEN NPRM would have required institutions to collect PII about counterparties to self-hosted wallet transactions even when those counterparties were not the institution&#8217;s customers. &#167;307(d)(1) prohibits exactly that requirement, with the exceptions narrowly drawn. A regulated institution can collect PII about its own customer (because the customer is both the controller of the self-hosted wallet and a party to the transaction; the parenthetical conjunction matters). A regulated institution cannot be required by Treasury to collect PII about the other end of a self-hosted-wallet transaction when that party is not its customer.</p><p>The sanctions-law carve-out is important. Treasury can require institutions to screen self-hosted wallet counterparties against the OFAC SDN list, and to refuse transactions with sanctioned addresses. The &#167;307(d)(1) framework does not affect sanctions compliance. What it affects is the affirmative collection of PII about non-customer counterparties for AML/CFT purposes outside the sanctions framework.</p><p>The lawful-process carve-out preserves law-enforcement access. A subpoena, court order, or search warrant can compel an institution to disclose information about a self-hosted wallet counterparty regardless of the &#167;307(d)(1) limit on routine collection. The &#167;307(d)(1) framework constrains regulatory authority over data collection; it does not constrain criminal-procedure authority over evidence gathering.</p><p>&#167;307(d)(2) preserves federal-agency authority over illegal activity investigation, detection, counteraction, and prevention. The &#167;307(d)(1) constraint does not impair these authorities. The structural choice is to preserve enforcement authority while constraining regulatory authority over routine data collection.</p><h4>Why the 2020 NPRM Could Not Come Back</h4><p>The principal substantive consequence of &#167;307(d) is that the 2020 FinCEN NPRM, in the form it took, could not be reissued. The proposed rule would have required money services businesses to collect, record, and report PII about counterparties to self-hosted wallet transactions above $3,000 (for recordkeeping) and $10,000 (for reporting), even when those counterparties were not customers of the reporting institution. The collection requirement is exactly the activity &#167;307(d)(1) prohibits.</p><p>Treasury would retain authority to require other aspects of the 2020 NPRM. The recordkeeping requirements for the institution&#8217;s own customers (where the customer is the controller of a self-hosted wallet and a party to the transaction) are not foreclosed. The reporting of suspicious activity involving self-hosted wallets remains within Treasury&#8217;s existing SAR-filing framework. The sanctions-compliance screening of self-hosted wallet counterparties is not foreclosed. What &#167;307(d)(1) eliminates is the centerpiece of the 2020 proposal: the affirmative-collection requirement for non-customer counterparty PII.</p><p>The structural effect is that self-hosted wallets would remain a viable financial-privacy infrastructure under U.S. law. Users who hold their own keys can transact with regulated institutions without those institutions being compelled to collect PII about the user&#8217;s counterparties. The institution can still satisfy its own customer-identification, customer-due-diligence, and beneficial-owner-identification obligations with respect to its customers. It just cannot be required to extend those obligations to non-customer self-hosted-wallet counterparties.</p><h4>&#167;307(a)(1) and the Self-Hosted Wallet Definition</h4><p>&#167;307(a)(1) defines self-hosted wallet as &#8220;a digital interface (A) that is used to secure and transfer digital assets; and (B) under which the owner of digital assets secured and transferred under subparagraph (A) retains independent control over those digital assets.&#8221; The definition is parallel to &#167;605(b)(2) (the Keep Your Coins Act). The two definitions track each other.</p><p>The structural element is the &#8220;independent control&#8221; requirement. A wallet under which the user can independently move funds without the consent or participation of any third party is self-hosted. A wallet under which the user must obtain the consent or participation of a custodian to move funds is not. The MetaMask, Phantom, Rabby, and similar non-custodial wallets are self-hosted. Coinbase Wallet (in its non-custodial mode) is self-hosted. The custodial Coinbase exchange account is not. Hardware wallets (Ledger, Trezor) are self-hosted. Multisig wallets where the user holds enough keys to move funds independently are self-hosted; multisig wallets where the user does not hold enough keys are not.</p><p>The &#8220;independent control&#8221; formulation is the same one used in FinCEN&#8217;s 2019 guidance (FIN-2019-G001) to distinguish money-transmitter wallet providers from non-money-transmitter software providers. The structural consistency between FinCEN&#8217;s interpretive framework and the &#167;307 statutory framework simplifies the operational analysis: a wallet that satisfies the &#167;307(a)(1) self-hosted definition is also not within FinCEN&#8217;s money-transmitter framework under the 2019 guidance, and a wallet provider that creates the wallet without controlling user funds is a non-controlling developer or provider under &#167;604.</p><h4>Cross-References to &#167;305 and &#167;303</h4><p>&#167;307 cross-references &#167;305 (temporary hold) and &#167;303 (special measures expansion). The &#167;305 framework, covered in Post #15 of this series, creates a hybrid private-actor freeze mechanism that permits covered persons to delay execution of transactions on reasonable belief of law violation or qualified written request from a covered agency. The &#167;305 framework operates against transactions involving covered persons (permitted payment stablecoin issuers, registered foreign issuers, digital-asset service providers), which means the &#167;305 freeze authority is broader than self-hosted-wallet transactions. But &#167;305(c) preserves &#167;307(d)(1) by stating that the section does not require compelled freezes beyond existing law.</p><p>&#167;303 expands FinCEN&#8217;s special-measures authority under 31 U.S.C. &#167; 5318A. The special-measures framework permits Treasury to impose targeted reporting, prohibition, or other requirements on specific jurisdictions, institutions, or transactions identified as primary money-laundering concerns. The &#167;303 expansion incorporates digital-asset transactions within the special-measures authority. &#167;303 is structurally distinct from &#167;307: the special-measures authority is targeted (specific entities or transactions identified as primary concerns), while &#167;307(d)(1) addresses routine institution-wide data collection. The two operate at different levels of the regulatory framework.</p><h4>Comparison to EU AMLR</h4><p>The EU&#8217;s Anti-Money Laundering Regulation, AMLR, adopted in 2024 and entering into force in mid-2027, takes a structurally different approach to self-hosted wallets. The AMLR imposes verification requirements on crypto-asset service providers when transacting with self-hosted wallets above &#8364;1,000, with specific identification and counterparty-verification obligations. The EU framework is closer to the 2020 FinCEN NPRM than to the &#167;307 framework.</p><p>The divergence between the EU and U.S. frameworks has cross-border implications. A U.S.-domiciled exchange transacting with a self-hosted wallet from an EU user faces the &#167;307(d)(1) constraint on data collection in the United States and the AMLR requirements in the EU. The structural conflict requires either dual compliance (collecting data for EU purposes that the &#167;307(d)(1) constraint does not require for U.S. purposes) or jurisdictional limitations (the exchange does not transact with EU-based self-hosted wallets above the AMLR threshold). The cross-border policy reconciliation is ongoing and is the subject of &#167;507 of CLARITY (international coordination on digital-asset illicit-finance combatting).</p><h4>&#167;6045 and Tax-Reporting Cross-Issues</h4><p>The Treasury 2024 Final Regulations on Broker Reporting under &#167;6045, T.D. 10000, extended broker-reporting requirements to certain digital-asset intermediaries. The regulations were challenged in <em>Coin Center v. Treasury</em> and related litigation, with the principal legal claim that the &#167;6045 broker definition could not constitutionally reach non-controlling parties to digital-asset transactions. The &#167;307 framework does not directly address &#167;6045 broker reporting (which is a tax-reporting framework rather than a BSA framework), but the structural commitments in &#167;307(d)(1) and &#167;605 are relevant to the &#167;6045 analysis.</p><p>A regulated entity that is a &#167;6045 broker continues to face its broker-reporting obligations. The &#167;307(d)(1) constraint applies to BSA collection, not to tax-reporting collection. But the structural commitment to limiting routine collection of self-hosted wallet counterparty PII implicit in &#167;307(d)(1) provides interpretive support for narrowing constructions of the &#167;6045 broker definition. The Coin Center litigation and its progeny will play out on tax-law grounds, but the &#167;307 framework, if enacted, would stand as an authoritative congressional signal that self-hosted wallets occupy a privileged position in the U.S. financial-regulatory architecture.</p><h4>The Compliance Consequences</h4><p>Four compliance consequences follow.</p><ul><li><p>First, enactment kills the 2020 FinCEN NPRM in the form it took. Treasury could not reissue the proposal as written. The &#167;307(d)(1) constraint forecloses the affirmative-collection requirement for non-customer self-hosted wallet counterparty PII.</p></li><li><p>Second, customer-side compliance is unchanged. An institution&#8217;s obligations with respect to its own customers (KYC, CDD, beneficial-owner identification, SAR-filing) are not affected by &#167;307. The &#167;307(d)(1) constraint runs against affirmative-collection requirements for non-customer counterparties, not against customer-side compliance.</p></li><li><p>Third, sanctions compliance is preserved. The &#167;307(d)(1) sanctions-law carve-out preserves OFAC compliance. Institutions can be required to screen self-hosted wallet counterparties against the SDN list and to refuse transactions with sanctioned addresses. The Tornado Cash designation arc (and the subsequent withdrawal) is an artifact of the IEEPA framework, not of &#167;307. Sanctions compliance continues to operate on its own terms.</p></li><li><p>Fourth, cross-border friction is real. The EU AMLR framework imposes obligations that the U.S. &#167;307 framework does not. Institutions operating across both jurisdictions face structural compliance tensions. The &#167;507 international-coordination framework provides a path to resolution, but the timing is uncertain and continued divergence is the near-term planning assumption.</p></li></ul><p>The &#167;307 framework is, in the aggregate, a substantial accommodation of the self-hosted-wallet privacy and financial-inclusion case. It forecloses the 2020 FinCEN proposal, builds the civil-liberties analysis into the regulatory baseline, and makes the constraint on routine collection of non-customer PII statutory. The remaining questions are how Treasury implements the &#167;307(c) risk assessment, how the resulting guidance is drafted, and how cross-border friction with the EU AMLR is managed. The architectural commitment to self-hosted wallets as legitimate financial infrastructure is now in the bill text, one signature away from statutory law, and enactment would end the policy debate over the 2020 NPRM.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/307-and-the-self-hosted-wallet-question?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/307-and-the-self-hosted-wallet-question?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/307-and-the-self-hosted-wallet-question?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p><p></p>]]></content:encoded></item><item><title><![CDATA[CLARITY and Tokenization with Regulatory Parity]]></title><description><![CDATA[&#167;505 and the End of the Wrapper-Escape Argument]]></description><link>https://davidlopezkurtz.substack.com/p/clarity-and-tokenization-with-regulatory</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/clarity-and-tokenization-with-regulatory</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Mon, 29 Jun 2026 16:01:18 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ueg3!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>For most of the period between 2018 and 2025, a recurring argument in token-finance circles held that tokenizing a security would recharacterize it as something other than a security. The argument was never doctrinally serious. Friel v. Dapper Labs, Inc., 657 F. Supp. 3d 422 (S.D.N.Y. 2023), and the SEC&#8217;s enforcement actions against Reg D and Reg A token issuances (the Arca and INX matters, the BlockFi Lending consent order, and the various security-token offerings that took the harder route) made clear that the SEC&#8217;s view was that wrapping an underlying security in a token did not change its character. But the argument persisted in practitioner discourse, partly because some structural inconsistencies in the pre-CLARITY analysis suggested that distributed-ledger issuance might affect substantive securities-law analysis, and partly because the EU&#8217;s Markets in Crypto-Assets (MiCA) regulation and similar foreign regimes took inconsistent positions on the question. The argument also gained traction in policy debates over the pre-emption of state property-transfer law by the Uniform Commercial Code&#8217;s 2022 amendments adding Article 12 on controllable electronic records.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!ueg3!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!ueg3!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png 424w, https://substackcdn.com/image/fetch/$s_!ueg3!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png 848w, https://substackcdn.com/image/fetch/$s_!ueg3!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png 1272w, https://substackcdn.com/image/fetch/$s_!ueg3!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!ueg3!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png" width="894" height="805" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:805,&quot;width&quot;:894,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1489895,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201504498?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!ueg3!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png 424w, https://substackcdn.com/image/fetch/$s_!ueg3!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png 848w, https://substackcdn.com/image/fetch/$s_!ueg3!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png 1272w, https://substackcdn.com/image/fetch/$s_!ueg3!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F828d849e-2a6e-4a71-84c6-f0f0b4f27edb_894x805.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>&#167;505 of CLARITY would put the wrapper-escape argument to rest. The section provides that tokenization does not change the substantive securities-law character of the underlying asset. Equity tokens remain equity. Debt tokens remain debt. Fund-interest tokens remain fund interests. The Commission may adapt the <em>manner</em> in which regulatory requirements are satisfied to accommodate the technological characteristics of digital assets, but it may not adapt the substantive applicability of the federal securities laws. The &#167;505(b) sense-of-Congress endorses state adoption of UCC Article 12. The &#167;505(h)(1) savings clause is explicit: an asset that is a security under federal law does not cease to be one solely because it is issued, recorded, represented, or transferred using DLT.</p><h4>The Parity Rule</h4><p>&#167;505(d) is the operative provision. &#167;505(d)(1) provides that, subject to &#167;505(d)(2), a tokenized security shall be treated, for all regulatory purposes, as the security that the tokenized security represents, except as otherwise provided by &#167;106(a) or by a rule, regulation, or order issued by the Commission. The structural commitment is direct: the tokenization process does not change the substantive securities-law analysis.</p><p>&#167;505(d)(2) is the limit on Commission rulemaking authority. A rule, regulation, or order described in &#167;505(d)(1)(B) may only be issued by the Commission to adapt the manner in which the applicable regulatory requirements are satisfied, to the extent necessary or appropriate (A) in light of the unique technological or other characteristics of digital assets or substantially similar technology, or (B) consistent with what is necessary or appropriate in the public interest and protecting investors, maintaining fair, orderly, and efficient markets, and facilitating capital formation. The Commission&#8217;s adapting authority extends to the <em>manner</em> in which the regulatory requirements are satisfied. It does not extend to the substantive applicability of the requirements themselves.</p><p>The distinction matters operationally. A tokenized equity security is subject to &#167;11 disclosure liability, &#167;12(a)(2) prospectus liability, &#167;10(b) and Rule 10b-5 anti-fraud liability, &#167;13 reporting obligations, &#167;16 insider-trading obligations, and &#167;14 proxy obligations, on the same terms as a non-tokenized equity security. The Commission may issue rules adapting how the &#167;13 reports are filed (e.g., permitting on-chain disclosure as an alternative to EDGAR filing for tokenized issuers, or requiring specific reconciliation between on-chain transfer-agent records and traditional transfer-agent records). The Commission may not issue rules exempting tokenized equity securities from &#167;13 reporting altogether. The substantive obligation is fixed by statute; the operational form of compliance is within Commission rulemaking authority.</p><p>The &#167;106 cross-reference is to the general exemptive authority CLARITY grants the Commission. &#167;106(a) provides additional exemption authority in specified circumstances. &#167;505(d)(1)(A) preserves Commission ability to apply &#167;106 to tokenized securities, but the operative scope of &#167;106 is established elsewhere in the bill. The bulk of the substantive parity rule operates through &#167;505(d)(2), which constrains the Commission&#8217;s adapting authority to operational rather than substantive modifications.</p><h4>&#167;505(f) Commission Rulemaking Authority</h4><p>&#167;505(f) authorizes the Commission to issue rules governing tokenized securities consistent with &#167;&#167; 106 and 107. &#167;505(f)(2) lists the specific topics the rules may address: how requirements applicable to the underlying security apply to custody, books and records, reconciliation with transfer agents or other recordkeepers, auditability, settlement finality, treatment of chain reorganizations, and other operational risks arising from the use of DLT or comparable technology.</p><p>The enumerated topics are operational rather than substantive. Custody rules address how a tokenized security is custodied (smart-contract-based custody, custodial intermediary holding the keys, hybrid arrangements). Books-and-records rules address how on-chain records integrate with traditional broker-dealer books-and-records requirements under Rule 17a-3 and 17a-4. Reconciliation rules address how transfer-agent records (typically maintained off-chain) reconcile with on-chain transfer records (which may not match where the on-chain transfer is restricted or the off-chain transfer is unrestricted). Auditability rules address how auditors validate on-chain records. Settlement finality rules address when a transaction is final for purposes of payment-versus-delivery and clearing obligations. Chain-reorganization treatment addresses what happens when an on-chain transfer is reorganized away (a rare but non-trivial issue on some chains).</p><p>If the bill is enacted, the Commission&#8217;s rulemaking under &#167;505(f) is going to be substantial. The structural choice is to permit operational flexibility within the existing substantive framework. The BlackRock USD Institutional Digital Liquidity Fund (BUIDL), the Franklin Templeton OnChain U.S. Government Money Fund (BENJI), and the various JPMorgan Onyx/Kinexys tokenization platforms are all operating under pre-CLARITY interpretive postures that the &#167;505(f) rulemaking will codify. The rulemaking will have to take up the operational rough edges that have emerged in practice: chain-reorganization handling, transfer-agent reconciliation, custody arrangements for institutional investors, and integration with traditional clearing-and-settlement infrastructure.</p><h4>&#167;505(b) and UCC Article 12</h4><p>&#167;505(b) is a sense-of-Congress endorsing state adoption of UCC frameworks providing clear and uniform rules for the ownership, control, and enforceability of rights relating to digital assets. The reference is implicit but unmistakable: UCC Article 12 on Controllable Electronic Records.</p><p>UCC Article 12 was adopted in final form by the Uniform Law Commission and the American Law Institute in 2022. The article defines &#8220;controllable electronic record&#8221; as a record stored in an electronic medium that can be subjected to control, and provides take-free rules, attachment and perfection rules, and priority rules for security interests in CERs. As of mid-2026, more than thirty states had adopted Article 12 or were considering adoption.</p><p>The &#167;505(b) sense-of-Congress is not preemptive. State law continues to govern the property-law side of tokenized securities transactions. But the federal-policy signal is supportive of UCC Article 12 adoption, and the &#167;505(h)(2) savings clause preserves state property-transfer rules from &#167;505 preemption. The structural choice is to leave the property-law framework to state law (consistent with the post-<em>Erie</em> architecture of commercial law in the United States) while federalizing the securities-law treatment.</p><p>A tokenized security issued in a state that has adopted UCC Article 12 sits in a clearer property-law framework than one issued in a non-Article-12 state. Holders of tokenized securities can rely on Article 12&#8217;s take-free rules for good-faith purchase, the attachment-and-perfection rules for security interests in CERs, and the priority rules for competing claims. The &#167;505 federal-securities-law parity rules layer on top of the Article 12 framework. The state-law venue and its Article 12 adoption status belong on the structuring checklist.</p><h4>The Savings Clauses</h4><p>&#167;505(h) provides four savings clauses. &#167;505(h)(1) is the principal one: any asset that is a security under the federal securities laws does not cease to be a security solely because the asset is issued, recorded, represented, or transferred using DLT or comparable technology. This is the structural commitment to substance-over-form analysis. The wrapper-escape argument would be foreclosed by statute.</p><p>&#167;505(h)(2) preserves state property-transfer rules. The &#167;505 federal-law parity framework does not preempt, supersede, invalidate, or otherwise affect state property-transfer rules, laws, regulations, or common-law principles relating to the transfer or recording of real, tangible, or intangible assets or interests in them. The structural choice is consistent with the &#167;505(b) endorsement of state-law UCC Article 12 adoption: federal securities-law treatment is harmonized, but state property-law treatment remains state law.</p><p>&#167;505(h)(3) preserves &#167;106 rulemaking authority. The Commission&#8217;s exemptive authority under &#167;106 applies to any rulemaking, order, or other action under &#167;505. The &#167;106 exemptive authority operates as a general flexibility tool that can address tokenization-specific issues that arise outside the &#167;505(f) operational rulemaking framework.</p><p>&#167;505(h)(4) preserves the ability of persons to offer or sell tokenized securities consistent with the federal securities laws. The &#167;505 framework is not a registration regime or a permissioning regime. It is a clarification that tokenized securities operate under existing federal securities law with operational adaptations. Persons can offer and sell tokenized securities under &#167;3, &#167;4(a)(2), &#167;4(a)(6), Reg D, Reg A, Reg CF, or under registered offerings on the same terms as non-tokenized securities, subject to the &#167;505(f) operational rules.</p><h4>&#167;505(e) and &#167;505(g) Anti-Fraud Preservation</h4><p>&#167;505(e) prohibits misrepresentation. Any statement or omission with respect to any material fact made by a person in connection with the offer, sale, or other representation regarding a tokenized security is subject to the federal securities laws, including the applicable anti-fraud and anti-manipulation provisions. The structural choice is to preserve anti-fraud authority as fully applicable to tokenized securities transactions.</p><p>&#167;505(g) is the parallel rule of construction. Nothing in &#167;505 prevents the Commission from enforcing the anti-fraud and anti-manipulation provisions of the federal securities laws, and the rules issued under them, with respect to tokenized securities, provided that the elements of those provisions are satisfied. The &#167;10(b) and Rule 10b-5 framework, the &#167;17(a) framework, and the &#167;13(b)(5) books-and-records anti-fraud framework all apply to tokenized securities on the same terms as non-tokenized securities.</p><p>The structural commitment to anti-fraud preservation is consistent with the broader CLARITY architecture. Throughout the bill, the registration-and-disclosure framework is being modified to accommodate digital-asset characteristics, but the anti-fraud overlay is preserved. The &#167;505(e) and &#167;505(g) provisions extend this commitment to tokenized securities.</p><h4>&#167;506 Post-Quantum Ccryptography</h4><p>&#167;506 is a sense-of-Congress and technical-assistance provision on post-quantum cryptography. It directs the Under Secretary of Commerce for Standards and Technology to promote voluntary adoption of NIST post-quantum cryptography standards, through dissemination of guidance, technical assistance to high-risk entities, and other activities. The provision is structurally separate from &#167;505 but operationally important: tokenized-securities infrastructure relies on cryptographic primitives that are vulnerable to quantum-computing attacks, and the long-term security of tokenized financial markets depends on cryptographic upgrades.</p><p>The &#167;506 framework is voluntary rather than mandatory. The Director&#8217;s role is to promote, not to require, post-quantum cryptography adoption. The structural choice reflects both the immaturity of post-quantum cryptography standards (as of 2026, the NIST standards are recent and operational deployment is in early stages) and the cost-and-complexity considerations of migration. For long-duration tokenized-securities transactions, the &#167;506 framework is a leading indicator of future infrastructure requirements.</p><h4>Comparing to MiCA</h4><p>The EU&#8217;s Markets in Crypto-Assets Regulation provides a useful comparison. MiCA takes a similar substance-over-form posture: financial instruments wrapped in token form remain financial instruments under the EU&#8217;s existing financial-instruments framework (MiFID II), and the crypto-asset categories in MiCA (asset-referenced tokens, e-money tokens, other crypto-assets) cover non-security tokens. The MiCA framework, like CLARITY, separates the securities/financial-instruments treatment from the crypto-asset treatment, with the substantive analysis running on the underlying economic character of the instrument.</p><p>The principal differences are operational rather than substantive. MiCA includes detailed disclosure-and-conduct rules for crypto-asset service providers (CASPs) that are not directly paralleled in CLARITY&#8217;s framework. CLARITY&#8217;s &#167;505 framework is narrower in scope: it addresses tokenized securities specifically, with the &#167;4B, &#167;301, and &#167;401 frameworks addressing the non-security side. The U.S. framework is generally more permissive than MiCA on the non-security side (CLARITY&#8217;s network-token framework is broader than MiCA&#8217;s &#8220;other crypto-assets&#8221; category) and approximately parallel on the security side (both regimes preserve substantive securities/financial-instruments law).</p><p>The cross-border implications matter for transactions that touch both regimes. A tokenized equity security issued under &#167;505 in the United States and offered to EU investors will be subject to MiFID II in the EU and to the federal securities laws in the United States, with the &#167;505 framework providing parity-of-substantive-treatment in the United States and MiFID II providing parity in the EU. The operational integration of the two frameworks is where the work sits.</p><h4>Building on the Parity Rule</h4><p>Four consequences follow for deal design.</p><ul><li><p>First, the wrapper-escape argument is doctrinally dead today and statutorily dead the day CLARITY is signed. Tokenization does not change the substantive securities-law analysis. Equity remains equity, debt remains debt, fund interests remain fund interests. Issuance structures and offering documents should be designed on the assumption that the underlying-security analysis controls.</p></li><li><p>Second, the operational rulemaking under &#167;505(f) will determine the practical scope of tokenization. Custody, books-and-records, reconciliation, auditability, settlement finality, and chain-reorganization treatment are the operational dimensions on which the Commission will draw lines. The comment-letter process is the chance to shape those lines, and it will reward early, use-case-specific engagement.</p></li><li><p>Third, state-law adoption of UCC Article 12 is the property-law foundation. The federal &#167;505 framework operates against state-law property rules, and the state-law framework is most coherent where Article 12 has been adopted. Venue selection should track Article 12 adoption.</p></li><li><p>Fourth, anti-fraud preservation is full and substantive. The &#167;505 framework does not reduce anti-fraud exposure for tokenized-security issuers, intermediaries, or representatives. Disclosure quality, accuracy of representations, and absence of material omissions are as important under &#167;505 as they are for traditional securities. The tokenization wrapper does not provide a shield against &#167;10(b), Rule 10b-5, &#167;17(a), or &#167;13(b)(5) liability.</p></li></ul><p>The &#167;505 framework, in the aggregate, would accomplish a clean codification of what most practitioners already believed but could not point to a statute for: tokenization is a technical-form decision, not a substantive-treatment decision. The federal securities laws apply to tokenized securities on the same terms as non-tokenized securities, with operational adaptations to accommodate distributed-ledger characteristics. The remaining work is at the operational level, where the &#167;505(f) rulemaking, state-law UCC Article 12 adoption, and integration with the broader CLARITY framework will play out over the next several years.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/clarity-and-tokenization-with-regulatory?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/clarity-and-tokenization-with-regulatory?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/clarity-and-tokenization-with-regulatory?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p><p></p>]]></content:encoded></item><item><title><![CDATA[NFTs after CLARITY]]></title><description><![CDATA[&#167;602's Safe Harbor and the Mass-Minting Carve-Out]]></description><link>https://davidlopezkurtz.substack.com/p/nfts-after-clarity</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/nfts-after-clarity</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Fri, 26 Jun 2026 16:01:28 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!IuMv!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>The SEC&#8217;s pre-CLARITY NFT enforcement posture was the most internally inconsistent line in the Commission&#8217;s digital-asset program. In August 2023, the Commission settled charges against Impact Theory for $6.1 million in SEC v. Impact Theory, LLC, Securities Act Release No. 11226, on the theory that Founder&#8217;s Key NFTs were unregistered securities offerings because purchasers expected the project&#8217;s developers to use proceeds to build value. A month later, the Commission settled with Stoner Cats on similar theories. Friel v. Dapper Labs, Inc., 657 F. Supp. 3d 422 (S.D.N.Y. 2023), denied a motion to dismiss NBA Top Shot Moments claims under the same theory, holding that the plaintiffs had plausibly alleged an investment contract. Then the Commission closed its investigation into Yuga Labs without enforcement, sent a Wells notice to OpenSea in early 2024 followed by closure of that investigation, and issued a February 2025 staff statement disclaiming enforcement intent against certain categories of NFT activity. By the time CLARITY was engrossed, the NFT regulatory framework was a function of which Commission was holding the pen and how the staff was reading Howey in any given week.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!IuMv!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!IuMv!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png 424w, https://substackcdn.com/image/fetch/$s_!IuMv!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png 848w, https://substackcdn.com/image/fetch/$s_!IuMv!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png 1272w, https://substackcdn.com/image/fetch/$s_!IuMv!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!IuMv!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png" width="1398" height="1045" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1045,&quot;width&quot;:1398,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2932115,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201503554?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!IuMv!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png 424w, https://substackcdn.com/image/fetch/$s_!IuMv!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png 848w, https://substackcdn.com/image/fetch/$s_!IuMv!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png 1272w, https://substackcdn.com/image/fetch/$s_!IuMv!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ac90cf-6584-4fd7-b5c8-1d47ce30c31d_1398x1045.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>&#167;602 of CLARITY would end the enforcement-discretion era. It defines an NFT through four traits, creates a strong safe harbor with three narrow exceptions, and provides a good-faith-reliance protection that immunizes parties who reasonably rely on the safe harbor. The structural choice is to draw a categorical line, leaving discretionary case-by-case enforcement only for transactions that genuinely involve all the elements of an investment contract. The &#167;602(b)(4) reliance and prospective-effect provisions go further than most CLARITY provisions in giving issuers and platforms confidence about ongoing operations.</p><p>The joint SEC-CFTC interpretation effective March 23, 2026, Release Nos. 33-11412 and 34-105020, complements &#167;602 with an interpretive framework that operates at the <em>Howey</em> analytical level. The release classifies crypto assets into five categories, including &#8220;digital collectibles,&#8221; which the Commission concludes do not themselves constitute securities because they lack the economic characteristics of a security. The illustrative examples in the release include CryptoPunks, Chromie Squiggles, Fan Tokens, WIF, and VCOIN. The release reaches the same bottom-line conclusion as &#167;602 (an NFT itself is not a security) but through a different mechanism: &#167;602 operates as a statutory safe harbor with enumerated exceptions, while the release operates as a Commission interpretation of <em>Howey</em> applied to the digital-collectible category. The two frameworks complement each other. The &#167;602 safe harbor is the primary protection; the joint release supplies the doctrinal foundation and applies even to NFTs that, for whatever reason, fall outside &#167;602&#8217;s literal scope.</p><h4>The Four-Prong NFT Definition</h4><p>&#167;602(a)(1) defines an NFT through four conjunctive elements. The asset must be recorded on a distributed ledger; (A) individually identifiable and distinguishable from any other digital asset; (B) represent ownership of, or rights in, a work of authorship, art, a collectible, a membership, an access credential, a certificate of authenticity, an in-game or in-application item, or another similar specific item or discrete digital or physical good, service, or benefit; (C) not interchangeable on a 1-to-1 basis with any other token or digital asset; and (D) capable of being bought, sold, or transferred for consideration.</p><ul><li><p>(A) excludes mass-issued fungible tokens that share identical traits and serial numbers; the asset must be distinguishable from every other asset in the collection. The standard ERC-721 implementation satisfies (A) because each token has a unique tokenId and corresponding metadata. ERC-1155 semi-fungible implementations may or may not satisfy (A) depending on whether the contract issues distinguishable token IDs for each unit or issues fungible balances within a token class.</p></li><li><p>(B) is the use-case enumeration. The list is broad and intentionally so. Art, collectibles, memberships, access credentials, certificates of authenticity, in-game items, and the &#8220;similar specific item&#8221; residual cover almost every meaningful NFT use case in current practice. The PFP collections (Bored Apes, CryptoPunks, Pudgy Penguins) qualify under &#8220;art&#8221; or &#8220;collectible.&#8221; Ticketing NFTs qualify under &#8220;access credential.&#8221; Membership NFTs (the various creator-economy memberships and on-chain subscriptions) qualify under &#8220;membership.&#8221; In-game items qualify under &#8220;in-game or in-application item.&#8221; Identity credentials, qualifications, and certifications qualify under &#8220;certificate of authenticity.&#8221; The use-case enumeration is permissive: an asset that fits within one of these categories is an NFT for &#167;602 purposes.</p></li><li><p>(C) is the non-fungibility test. The asset must not be interchangeable on a 1-to-1 basis with any other token or digital asset. This is the structural antifeature: NFTs cannot be perfect substitutes for other tokens. A token that trades 1-for-1 with any other token in the collection (semi-fungible tokens with no meaningful distinguishing traits) does not satisfy (C). The non-fungibility test screens out attempts to call mass-fungible token collections &#8220;NFTs&#8221; simply by adding nominal serial numbers.</p></li><li><p>(D) requires that the asset be capable of being bought, sold, or transferred for consideration. Soulbound tokens, which by design cannot be transferred, do not satisfy (D) and are not NFTs for &#167;602 purposes. The exclusion is not a substantive problem because soulbound tokens are not the subject of the safe harbor (they are not &#8220;offered, sold, resold, transferred, or conveyed&#8221; in any commercial sense).</p></li></ul><p>&#167;602(a)(2) defines &#8220;promoter&#8221; as a person or group that manages, controls, or operates an enterprise in which capital is invested, or any person acting on behalf of such a person, including affiliates, agents, and coordinated actors that contribute to capital-raising efforts. The promoter concept is doing important work in the rules-of-construction section, where the resale carve-out is conditioned on payment not flowing to a promoter.</p><h4>The &#167;602(b)(1) Safe Harbor and the &#167;602(b)(2) Rules of Construction</h4><p>&#167;602(b)(1) is the operative safe-harbor provision. The offer, sale, resale, transfer, or conveyance of an NFT shall not be deemed to constitute an offer, sale, or distribution of a security or investment contract under the Securities Act, the Exchange Act, or any equivalent state law, unless the transaction, in substance, involves all of the elements of an investment contract. The exception clause is the key. The safe harbor falls only when the transaction involves all of the <em>Howey</em> elements: investment of money, common enterprise, expectation of profits, derived from the efforts of others. A transaction that lacks any one element is within the safe harbor.</p><p>&#167;602(b)(2) provides two rules of construction. Subsection (A) excludes from securities treatment &#8220;the resale or secondary market transfer of a nonfungible token, where the payment for that resale or transfer does not flow to a promoter or is not used to raise new capital for an enterprise.&#8221; The resale carve-out is structurally important. It preserves secondary-market activity even where the primary issuance might have involved investment-contract elements. As long as the payment is between private parties and does not flow back to the promoter or fund new enterprise capital, the secondary transaction is outside the securities perimeter.</p><p>Subsection (B) addresses the collectible-appreciation question. An NFT that serves as a collectible, membership right, event ticket, access credential, or other non-investment-based use case is not a security solely because the NFT may appreciate in value or depend in part on continued efforts or the reputation of the creator or issuer. The clause is the legislative answer to the <em>Friel v. Dapper Labs</em> line of reasoning. Under <em>Friel</em>, the fact that Top Shot Moments could appreciate in value, combined with Dapper Labs&#8217; continued maintenance of the platform and curation of the marketplace, was enough to plausibly allege investment-contract elements. &#167;602(b)(2)(B) would override that holding by statute: appreciation and creator-effort-dependence are not, by themselves, sufficient to convert a use-case NFT into a security.</p><h4>The Three Exceptions</h4><p>&#167;602(b)(3) carves out three categories where the safe harbor does not apply. The exceptions are narrow and structurally important.</p><p>The first exception, &#167;602(b)(3)(A), covers &#8220;a mass-minted series of items with substantially similar or nearly identical traits that are marketed or sold interchangeably.&#8221; This is the structurally important carve-out. The exception captures the variant of NFT issuance that most resembles a securities offering: a mass issuance of fungible-in-substance tokens with nominal trait differences, marketed as a pooled investment opportunity. The Founder&#8217;s Keys and Stoner Cats fact patterns fall within this exception, because the NFTs in those collections shared substantially similar traits and were marketed to purchasers as a coordinated investment in the project&#8217;s development.</p><p>The &#8220;substantially similar or nearly identical traits&#8221; phrasing is the operative limit. PFP collections with meaningful trait diversity (Bored Apes, CryptoPunks, the generative-art collections produced by Art Blocks artists) do not fit the exception, because the individual items have distinguishing traits that distinguish them in commercial trade. The collection is non-fungible at the item level. Generative-art drops in which each item has a unique seed but the trait distribution is engineered to produce many &#8220;similar&#8221; items might be on the edge; the marketing-and-sale-interchangeably qualifier helps draw the line.</p><p>The &#8220;marketed or sold interchangeably&#8221; qualifier is the second operative limit. An NFT collection with distinct traits sold under a single price (a flat mint price for the entire collection) is, on one reading, marketed interchangeably. A collection sold under a price-discrimination scheme based on trait rarity is not. The SEC&#8217;s pre-CLARITY enforcement actions tended to involve collections sold at a flat mint price, with the value distinction emerging post-mint based on trait rarity and project development. Those fact patterns map closer to the &#167;602(b)(3)(A) exception than do collections sold under sophisticated trait-based pricing.</p><p>The second exception, &#167;602(b)(3)(B), covers &#8220;a fractionalized interest in a nonfungible token.&#8221; Fractional NFTs (e.g., the historical fractional.art platform model and similar successor models) are not within the safe harbor. The reason is structural: a fractional interest in an underlying asset is an investment in the underlying asset, not a holding of the asset itself. The fractional interest carries economic exposure to the asset&#8217;s value without the asset&#8217;s specific use rights. The fractional-NFT model resembles a pooled investment vehicle, and the &#167;602(b)(3)(B) exception treats it as such.</p><p>The third exception, &#167;602(b)(3)(C), covers &#8220;an interest representing a beneficial or economic claim on a nonfungible token or an asset that a nonfungible token represents.&#8221; This is broader than (B) and catches derivative instruments on NFTs as well as fractional interests. A token that conveys an economic right to the appreciation of an NFT, or to the appreciation of the underlying asset the NFT represents, is excluded from the safe harbor. The drafting choice prevents the NFT safe harbor from being used to immunize what are, in economic substance, securities derivatives on NFTs.</p><h4>&#167;602(b)(4) Reliance and Prospective Effect</h4><p>&#167;602(b)(4) is the unusually generous reliance provision. &#167;602(b)(4)(A) provides that &#8220;a person, other than an originator or related person, that reasonably and in good faith relies on the safe harbor under this subsection shall not be subject to any civil or administrative penalties.&#8221; The reliance protection is broader than the typical good-faith-reliance safe harbor in CLARITY. The structural choice is to immunize platforms, marketplaces, and other downstream participants who reasonably rely on the safe harbor as to a particular NFT.</p><p>The exclusion of originators and related persons is important. An NFT issuer cannot rely on &#167;602(b)(4)(A) to immunize itself from penalties for its own issuance. But a platform that lists the NFT, a marketplace that facilitates resale, an exchange that holds the NFT for customers, or a custodian that provides storage services can rely on the safe harbor. The structural effect is to make platform-level compliance defensible: a platform that maintains a reasonable belief that an NFT qualifies for the safe harbor is not subject to penalty even if the SEC later determines that the safe harbor does not apply.</p><p>&#167;602(b)(4)(B) provides the prospective-effect rule. Any determination by the Commission that the safe harbor does not apply to a particular circumstance must be prospective only and must take effect not earlier than 60 days after the Commission publicly posts the determination. The provision prevents the Commission from making post-hoc determinations that the safe harbor did not apply, with retroactive enforcement consequences. The 60-day notice period gives parties time to adjust their conduct or wind down non-compliant offerings.</p><p>The combined effect of &#167;602(b)(4)(A) and (B) is to provide a strong front-end protection for NFT marketplaces, platforms, and downstream participants. Reasonable good-faith reliance is protected, and any change in the Commission&#8217;s interpretation runs prospectively with at least 60 days&#8217; notice. The structural commitment to operational stability for the NFT secondary market is meaningful.</p><h4>The Mass-Minted Series Problem</h4><p>The &#167;602(b)(3)(A) mass-minted-series exception is the operationally significant edge. It is also the most fact-intensive of the three exceptions. Three structural questions follow.</p><ul><li><p>First, what counts as &#8220;substantially similar or nearly identical traits&#8221;? A collection of 10,000 PFPs generated from 200 traits across 8 trait categories, with rarity distributions producing meaningful variation in the resulting items, is not &#8220;substantially similar.&#8221; A collection of 10,000 nominally distinct items where the variation is limited to a serial number or a single trait category (color variations on the same base image) might be. The Commission&#8217;s eventual rulemaking or interpretive guidance will need to draw the line, and the line will turn on whether the traits produce commercially meaningful distinctions between items.</p></li><li><p>Second, what counts as &#8220;marketed or sold interchangeably&#8221;? A mint at a flat price where all items are offered without trait disclosure (&#8221;blind mint&#8221;) and the items are randomly assigned post-mint may be marketed interchangeably even if the resulting items have meaningfully distinct traits. The marketing assesses interchangeability ex ante; the resulting trait diversity may or may not redeem the marketing. A reveal-on-mint structure where buyers can see traits before purchasing, with trait-based pricing, is not marketed interchangeably.</p></li><li><p>Third, how does the exception interact with project-development marketing? A project that markets a mass-minted collection as a vehicle for funding ongoing development, with the buyers receiving a &#8220;stake&#8221; in the project&#8217;s success, is closer to the SEC&#8217;s pre-CLARITY enforcement targets. A project that markets a collection as a collectible or membership without development-funding implications is further from those targets. The marketing analysis is similar to the &#167;4B(a)(7)(B) disqualifying-rights analysis: what is being sold, and what economic rights does the purchaser actually receive?</p></li></ul><p>An issuer that wants to stay inside the safe harbor should design collections with meaningful trait diversity, price items based on trait rarity where the trait structure permits, and market the collection as a collectible or use-case product rather than as a development-funding mechanism. Projects that follow this design pattern sit comfortably within the safe harbor. Projects that follow the pre-CLARITY mass-mint-with-development-promise model are at risk under the &#167;602(b)(3)(A) exception.</p><h4>The Resale Carve-Out and OpenSea/Blur</h4><p>&#167;602(b)(2)(A) preserves resale and secondary-market transfers where payment does not flow to a promoter and is not used to raise new capital for an enterprise. The carve-out is structurally important for the secondary-market platforms (OpenSea, Blur, Magic Eden, and their successors). A secondary transaction between two retail collectors, with payment flowing between them and not to the original promoter, is outside the securities perimeter regardless of how the primary issuance is characterized.</p><p>The exception has implications for royalty enforcement, an issue that consumed substantial industry attention in 2022-2024 as OpenSea moved away from creator royalty enforcement and Blur built its market position partly on its zero-royalty model. The &#167;602(b)(2)(A) carve-out treats &#8220;payment for that resale or transfer&#8221; as not flowing to a promoter, even if a portion of the payment is allocated to a royalty to the original creator. The royalty is paid by the seller, not by the platform, and the &#167;602 analysis treats the royalty as a private contractual arrangement between buyer and seller rather than as a continuation of the primary offering.</p><p>The &#167;602(b)(2)(A) carve-out also has implications for revenue-sharing structures embedded in NFT smart contracts. A collection that includes a smart-contract-enforced royalty paid to a multisig controlled by the creator team is operating under a structure where the payment, in part, flows to a promoter. The &#167;602(b)(2)(A) carve-out language (&#8221;does not flow to a promoter or is not used to raise new capital for an enterprise&#8221;) is disjunctive: a resale where the payment does not flow to a promoter (in any part) is within the carve-out, and a resale where the payment is not used to raise new capital (even if some flows to a promoter as a royalty for past creative work, not new capital-raising) is also within the carve-out. The structural reading is that creator royalties on resales remain compatible with the safe harbor as long as the royalties compensate past creative effort rather than fund ongoing capital-raising for the enterprise.</p><h4>Fractional NFTs and Beneficial-Claim Derivatives</h4><p>&#167;602(b)(3)(B) and (C) cover the fractional and beneficial-claim categories. The structural intent is to prevent the NFT safe harbor from being used to immunize what are, in economic substance, securities offerings of fractional interests in collectibles. Fractional.art-style platforms that fractionalized high-value NFTs (CryptoPunks, Bored Apes) into ERC-20-equivalent tokens were operating under pre-CLARITY uncertainty about whether the fractional tokens were securities. &#167;602(b)(3)(B) would resolve the question: fractional interests are not within the NFT safe harbor.</p><p>The exception does not categorically prohibit fractional NFTs or beneficial-claim derivatives. It simply removes them from the NFT safe harbor. A fractional NFT may be a security; it may be structured as a permitted offering under Reg D, Reg A, or another exemption; it may be a network token if the underlying NFT collection is held by a properly-constituted DGS and the fractional token has the right economic characteristics. The &#167;602(b)(3)(B) exception means that the fractional token&#8217;s securities analysis runs on the &#167;4B network-token framework or on the general securities-law analysis, not on the &#167;602 NFT safe harbor.</p><p>The beneficial-claim exception under &#167;602(b)(3)(C) is broader and catches NFT derivatives, NFT-collateralized lending tokens, and NFT-yield products. The exception is structurally important because these products are economic exposures to NFTs rather than ownership of NFTs themselves. The securities analysis runs on the structure of the derivative, not on the safe harbor.</p><h4>&#167;603 GAO Study</h4><p>&#167;603 directs the GAO to conduct a study of NFTs covering the nature, size, role, purpose, and use of NFTs; the similarities and differences between NFTs and other digital assets; minting and administration mechanics; storage; interoperability; marketplace scalability; benefits including verifiable digital ownership; risks including intellectual property, cybersecurity, and market risks; integration with traditional markets (music, real estate, gaming, events, travel); use for documents, identification, contracts, licenses, and other records; risks to traditional markets from integration; and levels and types of illicit activity in NFT markets. The GAO is required to publicly release the study within one year of enactment.</p><p>The &#167;603 study is the bill&#8217;s signal that NFT policy is not settled. The &#167;602 safe harbor is the doctrinal answer for the current market structure. The &#167;603 study is the framework for evaluating whether the safe harbor is appropriately calibrated as the market matures. The &#167;603 study will feed any future revisions of the &#167;602 framework, and the comment-letter cycle around the GAO study itself will be substantive.</p><h4>Where this Leaves Issuers and Platforms</h4><p>The practical structure reduces to four points.</p><ul><li><p>First, the safe harbor is broad and the exceptions are narrow. Most NFT activity in the current market structure is within the safe harbor. Mass-minted collections with substantial trait diversity, marketed and sold under trait-aware pricing, are within the safe harbor. Resale activity is within the safe harbor regardless of the primary issuance&#8217;s status, provided the payment doesn&#8217;t flow to a promoter or fund new capital-raising.</p></li><li><p>Second, the &#167;602(b)(3)(A) mass-minted-series exception is the principal compliance concern for new issuance. Design choices that produce meaningful trait diversity and that price items based on rarity push offerings further from the exception. Marketing focused on the collection&#8217;s use case (art, collectible, membership, access credential) rather than on project-development funding pushes offerings further from the exception. The pre-CLARITY enforcement targets (Founder&#8217;s Keys, Stoner Cats) fit the exception; well-designed art-and-collectible drops do not.</p></li><li><p>Third, fractional-interest and derivative products are outside the safe harbor. Issuers contemplating these products should plan to comply with the general securities-law framework, including possible registration, exemption-based offerings under Reg D or Reg A, or &#167;4B network-token treatment if the structural conditions are met. The &#167;602 safe harbor does not cover them.</p></li><li><p>Fourth, the &#167;602(b)(4) reliance protection is operationally significant. Platforms and marketplaces that maintain reasonable good-faith reliance on the safe harbor for the NFTs they list, custody, or facilitate are protected from penalty exposure even if the Commission later determines that the safe harbor does not apply to a particular collection. Platforms should maintain documentation of the reasonable-belief analysis for each listed collection and monitor SEC pronouncements for prospective changes.</p></li></ul><p>The &#167;602 framework would substantially resolve the NFT regulatory uncertainty that consumed industry attention from 2021 to 2025. The safe harbor is broad, the exceptions are narrow and fact-specific, and the reliance protection is generous. The remaining work is at the margin: drawing the mass-minted-series line, addressing fractional NFTs and derivatives, and integrating NFT activity with the broader CLARITY framework. If the bill is signed, the Commission&#8217;s enforcement-discretion era for NFTs is over, and the statutory framework that replaces it is materially more accommodating of legitimate NFT activity than the pre-CLARITY enforcement posture suggested.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/nfts-after-clarity?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/nfts-after-clarity?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/nfts-after-clarity?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[A Yield-Ban Loophole?]]></title><description><![CDATA[&#167;404 CLARITY and the Political Economy of Stablecoin Rewards]]></description><link>https://davidlopezkurtz.substack.com/p/a-yield-ban-loophole</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/a-yield-ban-loophole</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Wed, 24 Jun 2026 16:02:55 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!bysa!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>The political fight over payment-stablecoin yield was the most intense lobbying contest in the legislative cycle that produced CLARITY. The banking lobby&#8217;s position was straightforward: payment stablecoins that pay interest are functional substitutes for bank deposits and, if allowed to pay yield, will draw substantial deposit balances out of the regulated banking system into a parallel infrastructure that pays interest without the regulatory overhead of FDIC insurance, capital requirements, and Community Reinvestment Act obligations. The crypto-industry response was that activity-based rewards (liquidity provision, market-making, staking, governance participation, validation, loyalty programs) are legitimately different from deposit interest in both economic substance and competitive function, and that a categorical yield ban would be both overbroad and structurally inconsistent with the broader CLARITY framework&#8217;s preference for activity-based regulation.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!bysa!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!bysa!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png 424w, https://substackcdn.com/image/fetch/$s_!bysa!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png 848w, https://substackcdn.com/image/fetch/$s_!bysa!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png 1272w, https://substackcdn.com/image/fetch/$s_!bysa!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!bysa!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png" width="1408" height="937" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/be420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:937,&quot;width&quot;:1408,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2554555,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201501986?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!bysa!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png 424w, https://substackcdn.com/image/fetch/$s_!bysa!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png 848w, https://substackcdn.com/image/fetch/$s_!bysa!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png 1272w, https://substackcdn.com/image/fetch/$s_!bysa!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbe420fc6-3624-4059-a6d6-b4516dcddf02_1408x937.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>&#167;404 of CLARITY resolves the fight with a categorical prohibition that has a broad activity-based exception. The categorical prohibition under &#167;404(c)(1) bars a &#8220;covered party&#8221; (a digital asset service provider and its affiliates, excluding permitted payment stablecoin issuers and foreign issuers registered with the Comptroller) from paying interest or yield &#8220;economically or functionally equivalent&#8221; to deposit interest on stablecoin balances held by U.S. persons. The activity-based exception under &#167;404(c)(2) preserves a non-exhaustive list of permissible rewards and incentives that are not deposit-equivalent. The joint SEC-CFTC-Treasury rulemaking under &#167;404(c)(3) would be the comment-letter fight of the post-enactment rulemaking cycle, because the line between &#8220;economically equivalent to deposit interest&#8221; and &#8220;activity-based reward not equivalent&#8221; is where the practitioner work lives.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption"></p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><h4>The Structural Choice and the GENIUS Act Companion</h4><p>&#167;404 sits alongside &#167;4(a)(11) of the GENIUS Act, 12 U.S.C. 5903(a)(11), which prohibits permitted payment stablecoin issuers and registered foreign issuers from paying interest or yield on the stablecoins they issue. The GENIUS Act prohibition runs against the issuer. The &#167;404 prohibition runs against everyone downstream of the issuer in the distribution chain, with the limited exception of foreign-issued stablecoins from non-U.S. issuers operating outside the registered-foreign-issuer framework. The two together cover the spectrum: an issuer cannot pay interest on the stablecoin it issues, and a downstream service provider cannot pay interest on the stablecoin balance the customer holds.</p><p>The drafting move is functionally similar to the historical Regulation Q prohibition on interest on demand deposits, 12 C.F.R. pt. 217, which prevented commercial banks from competing for transaction-account deposits on interest-rate terms. Reg Q was eliminated by the Dodd-Frank Act of 2010, but the underlying policy concern (interest-rate competition for transactional liquidity drives bank funding costs up and reduces credit availability) carries through to the &#167;404 stablecoin context. The &#167;404(b) sense-of-Congress provision is explicit about the banking-primacy framing: depository institutions provide financial services integral to the U.S. economy, and the payment of consideration by digital-asset service providers based on payment-stablecoin balances &#8220;in a manner that is economically or functionally equivalent to the payment of interest or yield on an interest-bearing bank deposit may inhibit depository institutions&#8217; key functions in the economy of the United States.&#8221;</p><p>The sense-of-Congress provision also makes the contrary point. Payment stablecoins represent a significant innovation in financial infrastructure that can strengthen the U.S. payments system and the primacy of the U.S. dollar, and activity-based rewards and incentives tied to the use of payment stablecoins and participation in distributed ledger systems are critical to enabling innovation, competition, and consumer adoption. The &#167;404 architecture is structured to permit the latter while prohibiting the former, with the joint rulemaking under &#167;404(c)(3) tasked with drawing the line.</p><h4>The &#8220;Economically or Functionally Equivalent&#8221; Standard</h4><p>&#167;404(c)(1) is the operative prohibition. A covered party shall not, directly or indirectly, pay any form of interest or yield (whether in cash, tokens, or other consideration) to a restricted recipient (a U.S. person who is a customer or user of the covered party) (A) solely in connection with the holding of the recipient&#8217;s payment stablecoins, or (B) on a payment-stablecoin balance in a manner that is economically or functionally equivalent to the payment of interest or yield on an interest-bearing bank deposit.</p><p>Two formulations, with different substantive content. (A) is the cleanest case: a covered party that pays consideration solely in connection with the holder&#8217;s holding of stablecoins, with no other activity required, is paying deposit-equivalent yield. That is the <em>In re BlockFi Lending LLC</em> fact pattern (SEC consent order, $100M, February 2022), the Coinbase Earn fact pattern as alleged in <em>SEC v. Coinbase, Inc.</em>, and the Celsius Earn fact pattern. A customer deposits stablecoins; the platform pays the customer a fixed rate based on the balance and duration. (A) prohibits exactly that, and the prohibition is categorical: no rulemaking required, no activity-based exception applies.</p><p>(B) is the more interesting formulation. It prohibits payments on a stablecoin balance &#8220;in a manner that is economically or functionally equivalent&#8221; to deposit interest. The qualifier &#8220;economically or functionally equivalent&#8221; is the legal standard. The qualifier &#8220;in a manner&#8221; provides the doctrinal hook. Two structural elements drive the analysis. The economic-equivalence test asks whether the payment produces, in substance, the same economic result as deposit interest: a predictable return on a balance over time, without meaningful additional activity by the holder, with downside protection on principal. The functional-equivalence test asks whether the payment serves the same functional role in the customer&#8217;s financial life as deposit interest: a yield on cash held in a transaction account.</p><p>The categorical (A) prohibition catches the simple cases. The &#8220;economically or functionally equivalent&#8221; (B) standard catches the structured cases: products designed to deliver yield-equivalent outcomes through formal compliance with activity-based requirements while economically functioning as deposit substitutes. The joint rulemaking will need to identify the specific operational features that distinguish the two.</p><h4>The Activity-Based Exception</h4><p>&#167;404(c)(2)(A) exempts &#8220;rewards or incentives based on bona fide activities or bona fide transactions that are not economically or functionally equivalent to the payment of interest or yield on an interest-bearing bank deposit pursuant to the regulations promulgated under paragraph (3).&#8221; The exception is conditional on the joint rulemaking, but the exception&#8217;s structural breadth is established by the statute.</p><p>&#167;404(c)(3)(A) directs the SEC, CFTC, and Treasury, no later than one year after enactment, to jointly promulgate regulations to clarify the circumstances under which the &#167;404(c)(1) prohibition and the &#167;404(c)(2) permissible-rewards exception apply. The rulemaking is required to include a non-exhaustive list of permissible activity-based or transaction-based rewards or incentives, including payments to restricted recipients in connection with or in compensation for any of three categories:</p><p>(i) Transaction, payment, transfer, conversion, remittance, or settlement activity, including rebates or incentives provided in connection with the acceptance or use of a payment stablecoin. This is the merchant-acceptance and payment-rewards category. A stablecoin issuer or service provider that pays a rebate on stablecoin payments to merchants, or that pays a cashback equivalent on consumer payments made with stablecoins, is within this category. The structural analogy is credit-card cashback programs and merchant interchange rebates.</p><p>(ii) Providing liquidity for market-making activity, posting of collateral in connection with trading, or otherwise putting assets at credit or investment risk. This is the DeFi-and-trading category. A market-making protocol that pays rewards to liquidity providers, a perpetuals exchange that pays rewards to collateral posters, or a lending protocol that pays rewards to depositors who accept credit risk on borrower defaults is within this category. The structural test is whether the holder is putting assets at credit or investment risk. Static cash-equivalent holding is not in. Active liquidity provision with skin in the game is.</p><p>(iii) The use of any product or service, including participation in governance, validation, staking, or a loyalty, promotional, subscription, or incentive program. This is the broadest of the three categories and is the one that will determine whether the &#167;404 yield ban has substantive bite. Loyalty programs, subscription-based rewards, governance-participation rewards, and validation-based rewards all sit within this category. The question is what counts as &#8220;use of a product or service&#8221; and what counts as mere holding.</p><p>&#167;404(c)(3)(B) is the structural payoff. It clarifies that payments to restricted recipients of consideration, rewards, or benefits that are permissible under &#167;404(c)(2) and &#167;404(c)(3)(A) &#8220;may be calculated by reference to a balance, duration, tenure, or any combination of the foregoing.&#8221; This is the critical drafting choice. Activity-based rewards may be measured by balance, duration, or tenure metrics, provided the rewards are tied to qualifying activity. A loyalty program that pays cashback on stablecoin transactions, with the cashback rate increasing based on the customer&#8217;s balance, duration of platform tenure, or transaction tenure, is permissible if the underlying activity is qualifying.</p><p>The breadth of &#167;404(c)(3)(B) is the structural concession to the crypto-industry position. Activity-based rewards do not have to be flat-rate or transaction-by-transaction. They can be balance-weighted, duration-weighted, or tenure-weighted, provided they are activity-based at the foundation. The economic substance of a balance-weighted activity reward is approximately the same as deposit interest for a customer who engages in any meaningful activity. A 4% annualized cashback rate on stablecoin payments, with the rate paid on the customer&#8217;s total balance rather than on transaction volume, looks substantially like 4% deposit interest with a use-it-or-lose-it cliff. The joint rulemaking will need to draw the line, but &#167;404(c)(3)(B) substantially constrains how restrictively that line can be drawn.</p><h4>&#167;404(c)(4) Anti-Evasion</h4><p>&#167;404(c)(4) provides the anti-evasion authority. A covered party may not circumvent or evade the &#167;404(c)(1) prohibition or the &#167;404(c)(3) rules. The SEC, CFTC, and Treasury may jointly issue such rules as may be necessary or appropriate to prevent circumvention or evasion.</p><p>The anti-evasion language operates as a backstop to the activity-based exception. A program that complies with the literal terms of the &#167;404(c)(2) exception but that, in economic substance, is designed to deliver deposit-equivalent yield to a holder who engages in nominal qualifying activity, is subject to the anti-evasion authority. The joint rulemaking will have to translate evasion into operational terms: what activity threshold is required, what proportionality is required between the activity and the reward, what minimum holding periods or active-use requirements apply.</p><p>The principal anti-evasion concern is &#8220;rake-back&#8221; or &#8220;phantom activity&#8221; structures: a service provider that pays rewards calculated as percentage of balance to a customer who engages in a single low-friction qualifying transaction per period (a single token swap, a single governance vote) is functionally paying yield on the balance while complying with the literal terms of activity-based reward. The rulemaking will have to confront this structure directly. The likely approach is a proportionality test: the reward must be proportionate to the qualifying activity, not a thin layer of activity supporting a balance-weighted reward.</p><h4>&#167;404(c)(5) Good-Faith Reliance</h4><p>&#167;404(c)(5) provides a good-faith reliance safe harbor. A covered party that structures a program in good-faith reliance on &#167;404(c)(2) and &#167;404(c)(3) is not subject to penalties if a subsequent rulemaking or adjudication determines the program falls outside the exception, provided the covered party comes into compliance within 90 days and the violation is not substantially similar to a past violation by the covered party.</p><p>The 90-day cure window is operationally meaningful. It permits aggressive program design at the front edge of the &#167;404(c)(2) line, with the protection that the worst-case downside is a 90-day cure rather than penalty exposure. The anti-recidivism limitation prevents repeat offenders from claiming the safe harbor for each new variant of an essentially similar program.</p><h4>&#167;404(d) Marketing-Representation Prohibition</h4><p>&#167;404(d) addresses the marketing side of stablecoin yield programs. &#167;404(d)(1)(A) prohibits a covered party from representing that payment stablecoins are investment products, deposits, backed by the full faith and credit of the United States, guaranteed by the U.S. government, subject to FDIC deposit insurance, or subject to NCUA share insurance. &#167;404(d)(1)(B) prohibits representing that compensation paid to a restricted recipient in connection with stablecoin holding, use, or retention is paid or generated by the payment stablecoin itself or the issuer, is risk-free or comparable to deposit interest, or is offered, administered, or paid by a person other than the covered party.</p><p>&#167;404(d)(2) prohibits misleading omission of material information necessary to prevent the marketing, promotion, or description from being misleading. The &#167;404(d) prohibitions are structured as marketing-conduct rules rather than as substantive prohibitions on the underlying programs. A program can be lawful under &#167;404(c)(2) and yet be marketed unlawfully under &#167;404(d). The marketing rules are independently enforceable.</p><p>&#167;404(e) imposes joint disclosure-rulemaking authority on the agencies, with required disclosures presented in plain English, identifying the circumstances under which compensation is paid, identifying the responsible persons and any affiliations with the issuer, outlining all material terms, and including a statement that payment stablecoins are not investment products, deposits, or government-backed obligations. &#167;404(e)(4) provides that a covered party that provides the required disclosures is deemed not to have made a prohibited representation under &#167;404(d), provided the marketing does not contradict the disclosures and the disclosures are presented in plain English and in a clear and conspicuous manner.</p><h4>&#167;404(f) Penalties and &#167;404(g) Referral</h4><p>&#167;404(f) provides civil monetary penalties up to $5,000,000 per violation for knowing and willful participation in a &#167;404(c)(1), (d)(1), (d)(2), or (e)(3) violation. &#167;404(f)(2) provides that separate acts of noncompliance with a common originating cause or arising from the same statement or publication count as a single violation, which limits the multiplication of penalties for systematic compliance failures.</p><p>&#167;404(g) directs the SEC and CFTC to refer suspected violations to Treasury, which is the primary enforcement authority under the GENIUS Act framework. The structural choice is to consolidate stablecoin yield enforcement in Treasury rather than to spread it across the three agencies. The SEC and CFTC retain their conduct-rule authority over digital asset service providers, but the &#167;404 enforcement runs through Treasury.</p><h4>&#167;404(i) Third-Party Payments</h4><p>&#167;404(i) addresses third-party payment structures. A covered party is not deemed to violate the &#167;404(c)(1) prohibition solely because an unaffiliated third party independently makes a payment with respect to a payment stablecoin, unless the covered party directs or maintains significant influence over the offering of the consideration and the offering would otherwise violate &#167;404(c).</p><p>The clarification is operationally important. A merchant that independently pays a customer a discount for paying with stablecoins is not subject to the &#167;404 prohibition, and the stablecoin service provider that facilitates the payment is not deemed to have made the payment. The structural choice is to permit unaffiliated-third-party payments to flow through the stablecoin without the service provider&#8217;s involvement being deemed a payment by the service provider. The &#167;404(i) &#8220;directs or maintains significant influence&#8221; qualifier means that a covered party cannot orchestrate a third-party-payment structure to evade the prohibition.</p><h4>The Political Economy and the Comment-Letter Fight</h4><p>If CLARITY is enacted, the joint SEC-CFTC-Treasury rulemaking under &#167;404(c)(3) is going to be the most contested administrative proceeding of the cycle. The banking-lobby comment will press for narrow construction of the activity-based exception, with particular attention to two issues. First, the proportionality between activity and reward: how much qualifying activity is required to support how much reward? A high proportionality requirement (substantial activity required for substantial reward) prevents activity-based programs from functioning as yield substitutes. A low proportionality requirement (nominal activity sufficient for substantial reward) permits activity-based programs to operate as economic equivalents of deposit interest. Second, the calculation-by-reference issue: under what circumstances can rewards be balance-weighted versus transaction-volume-weighted? The banking position will be that balance-weighted rewards are the principal vector for evasion and should be limited.</p><p>The crypto-industry comment will press for broad construction of the exception, with corresponding attention to the same two issues from the opposite direction. The proportionality test should be permissive: activity should qualify if it is bona fide, with the agencies declining to inquire into the proportionality of the resulting reward. The calculation-by-reference allowance under &#167;404(c)(3)(B) should be implemented fully: rewards should be calculable on balance, duration, or tenure metrics provided the underlying activity qualifies.</p><p>The Treasury position is the swing vote. Treasury&#8217;s policy posture on stablecoins, articulated through the GENIUS Act framework and the &#167;404 sense-of-Congress provisions, is supportive of dollar-denominated stablecoin growth as a vehicle for U.S. dollar primacy in global trade and payments. A restrictive &#167;404 rulemaking that suppresses activity-based reward programs would be in tension with that policy. A permissive &#167;404 rulemaking that allows activity-based programs to function as yield substitutes would be in tension with the banking-primacy framing in &#167;404(b)(1). The likely Treasury position is somewhere in the middle: substantive activity required, but not at a level that prevents activity-based programs from operating commercially.</p><h4>Program Design Under &#167;404</h4><p>Four structuring consequences follow.</p><ul><li><p>First, the &#167;404 prohibition is real but narrow. Pure deposit-equivalent yield is out. Activity-based rewards with bona fide qualifying activity are in. The structuring work is in designing programs that satisfy the activity-based exception while delivering the reward economics customers want.</p></li><li><p>Second, the proportionality of activity to reward is the principal regulatory risk. Programs that pay substantial balance-weighted rewards on nominal activity will face anti-evasion scrutiny. Programs that scale rewards with activity are structurally safer. The joint rulemaking will draw the line, but the conservative design approach pre-rulemaking is to keep activity-to-reward proportionality reasonable.</p></li><li><p>Third, marketing and disclosure are independently enforceable. A program can be substantively lawful under &#167;404(c) and yet generate liability under &#167;404(d) and (e). Plain-English disclosure of the program&#8217;s mechanics, identification of the responsible parties, and the boilerplate non-deposit non-investment disclosures are required. The disclosure safe harbor under &#167;404(e)(4) is the operational protection.</p></li><li><p>Fourth, the 90-day cure under &#167;404(c)(5) is the front-edge protection. Aggressive program design in the period before the joint rulemaking is final, in good-faith reliance on &#167;404(c)(2) and the published interim positions, is protected if compliance is achieved within 90 days of a later determination. The defensible posture is aggressive design backed by documented good-faith reliance, with cure protocols ready.</p></li></ul><p>The &#167;404 framework is, in the aggregate, more permissive than the banking lobby wanted and less permissive than the crypto industry wanted. The exception swallows much of the rule, but the rule retains meaningful bite for the simple deposit-equivalent programs that drew the most regulatory attention pre-CLARITY. The joint rulemaking will define the operational scope. If the bill is signed, the political economy of stablecoin rewards becomes a regulatory question rather than a legislative one.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/a-yield-ban-loophole?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/a-yield-ban-loophole?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/a-yield-ban-loophole?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p><p></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[CLARITY in Bankruptcy]]></title><description><![CDATA[&#167;701 and the Post-FTX Customer-Property Doctrine]]></description><link>https://davidlopezkurtz.substack.com/p/clarity-in-bankruptcy</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/clarity-in-bankruptcy</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Mon, 22 Jun 2026 16:01:18 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!PuBc!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>The recoveries customers actually received from FTX, Celsius, Voyager, and Genesis depended on bankruptcy doctrines that were never designed to deal with digital assets and that produced results customers would not have predicted. In re Celsius Network LLC, 647 B.R. 631 (Bankr. S.D.N.Y. 2023), held that customer assets held in the Earn program were property of the estate rather than customer property, because the Earn terms of service granted Celsius title to the assets. Custody customers, by contrast, retained property interests in their assets and were not subject to the pro-rata distribution that applied to general unsecured creditors. The 70-cents-on-the-dollar recovery in FTX&#8216;s subsequent reorganization plan, In re FTX Trading Ltd., 1:22-bk-11068 (Bankr. D. Del.), was a function of dollar-denominated claims valuation at the November 11, 2022 petition date, against a recovering crypto market that produced substantial value appreciation during the case. In re Voyager Digital Holdings, Inc., 1:22-bk-10943 (Bankr. S.D.N.Y.), and In re Genesis Global Capital, LLC, 1:23-bk-10063 (Bankr. S.D.N.Y.), produced similar outcomes through similar mechanics. The cumulative lesson was that digital-asset intermediary bankruptcies were governed by ordinary Chapter 7 and Chapter 11 distributional rules rather than by the customer-property protections that apply to securities broker-dealer liquidations under Subchapter III or to commodity broker liquidations under Subchapter IV.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!PuBc!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!PuBc!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png 424w, https://substackcdn.com/image/fetch/$s_!PuBc!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png 848w, https://substackcdn.com/image/fetch/$s_!PuBc!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png 1272w, https://substackcdn.com/image/fetch/$s_!PuBc!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!PuBc!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png" width="1392" height="1054" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1054,&quot;width&quot;:1392,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2528510,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201500118?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!PuBc!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png 424w, https://substackcdn.com/image/fetch/$s_!PuBc!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png 848w, https://substackcdn.com/image/fetch/$s_!PuBc!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png 1272w, https://substackcdn.com/image/fetch/$s_!PuBc!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9707ec17-be11-4949-9373-c8394774b0b3_1392x1054.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>&#167;701 of CLARITY would change that. It amends 11 U.S.C. &#167; 741 to define &#8220;ancillary asset&#8221; and &#8220;digital commodity&#8221; by reference to the CLARITY Act &#167;2 definitions, expands the &#8220;customer&#8221; and &#8220;customer property&#8221; definitions in &#167;741 to include positions in those assets, and updates &#167;746(b) on the extent of customer claims to cover ancillary assets and digital commodities alongside cash and securities. &#167;701(d) makes the architectural point explicit. In any Subchapter III or IV proceeding, the &#167;701 provisions are to be construed to treat ancillary assets and digital commodities held for customers as customer property required to be distributed according to title 11. &#167;702 supplements &#167;701 by treating digital-commodity transactions as commodity contracts for purposes of the safe-harbor netting and setoff provisions. The combined effect is to extend the customer-property doctrine that has structured securities and commodity broker-dealer bankruptcies for forty years to digital-asset intermediaries, prospectively.</p><h4>The &#167;741 Amendments</h4><p>&#167;701(a)(1) is the principal operative provision. It amends 11 U.S.C. &#167; 741 in seven structurally distinct ways.</p><ul><li><p>First, the existing paragraph numbering in &#167; 741 is reorganized to make room for two new definitions. Existing paragraphs (5) through (9) become (7) through (11); existing paragraphs (1) through (4) become (2) through (5). The reorganization creates space for &#8220;ancillary asset&#8221; at the new (1) and &#8220;digital commodity&#8221; at the new (6). Both definitions are pulled by cross-reference from &#167;2 of CLARITY.</p></li><li><p>Second, the &#167;701(a)(1)(D) amendments to redesignated &#167; 741(3), which defines &#8220;customer,&#8221; add a new subparagraph (B) to capture entities that hold a claim against the broker-dealer on account of a digital commodity or ancillary asset received, acquired, or held by the broker-dealer for the customer&#8217;s securities account. The existing subparagraph (A) lists six purpose categories under which a holding produces customer status. The new subparagraph (B) extends customer status to ancillary-asset and digital-commodity holdings for any of those six purposes. The structural effect is that an ancillary-asset or digital-commodity holding for one of the six purposes (purchase, sale, loan, pledge, custody, or related transaction) produces customer status with respect to that holding, on the same terms as a securities holding.</p></li><li><p>Third, the &#167;701(a)(1)(D)(iv) amendments to the catch-all in redesignated &#167; 741(3)(C) sweep ancillary assets and digital commodities into the residual category of holdings that produce customer status. The amendments insert &#8220;ancillary asset, or digital commodity&#8221; after &#8220;security&#8221; in clause (i) and &#8220;an ancillary asset, a digital commodity,&#8221; after &#8220;a security,&#8221; in clause (ii). The residual covers holdings not enumerated in subparagraph (A) but that nonetheless qualify, on the broker-dealer&#8217;s books or otherwise, as broker-dealer customer holdings.</p></li><li><p>Fourth, the &#167;701(a)(1)(E) amendments to redesignated &#167; 741(5), defining &#8220;customer property,&#8221; add ancillary assets and digital commodities to the list of property types that constitute customer property. The amendments insert &#8220;ancillary asset, digital commodity,&#8221; after &#8220;cash, security,&#8221; in the preamble. The structural effect is that customer property includes not only cash and securities held for customers (as under existing law) but also ancillary assets and digital commodities so held.</p></li><li><p>Fifth, &#167;701(a)(1)(F) adds the &#167;741(6) digital-commodity definition by cross-reference.</p></li><li><p>Sixth, &#167;701(a)(1)(G) amends redesignated &#167; 741(8), defining &#8220;net equity,&#8221; to include ancillary-asset positions and digital-commodity positions alongside securities positions in the net-equity calculation. Net equity is the calculation that determines a customer&#8217;s share of the customer-property pool, and the &#167;741(8) amendment ensures that ancillary-asset and digital-commodity holdings are valued and aggregated with securities holdings for distribution purposes.</p></li><li><p>Seventh, &#167;701(b) amends 11 U.S.C. &#167; 746(b), which addresses the extent of customer claims, to cover ancillary assets and digital commodities alongside cash and securities. The &#167;746(b) provision is the operative one for determining the amount a customer can claim in a Subchapter III proceeding.</p></li></ul><p>The cumulative effect of these amendments is to treat ancillary-asset and digital-commodity holdings, for Subchapter III stockbroker-liquidation purposes, the same way securities holdings have been treated since the Subchapter III framework was enacted. The customer-property pool includes ancillary assets and digital commodities. The customer-property distribution under &#167; 766 runs pro-rata across the entire pool, with each customer receiving a pro-rata share based on net equity. The estate-property residue (assets not part of the customer-property pool) is available to general unsecured creditors after customer-property claims are satisfied.</p><h4>The &#167;746(b) Extent of Claims</h4><p>&#167;701(b) is short but doctrinally important. &#167; 746(b) governs the extent of a customer&#8217;s claim in a Subchapter III liquidation. The existing language limits customer claims to &#8220;cash or a security.&#8221; The amendment expands the formulation to &#8220;cash, a security, an ancillary asset, or a digital commodity.&#8221; The result is that customer claims would extend to the digital-asset positions held by the broker-dealer for the customer, on the same terms as cash and securities.</p><p>The structural significance is that customer claims are valued by reference to the asset class. A customer who held 10 ETH at the broker-dealer has a claim for 10 ETH (or its cash equivalent, depending on the trustee&#8217;s election under &#167; 766). The pre-CLARITY position, exemplified by the FTX claim-valuation methodology, was to value claims in dollars at the petition date, with the customer bearing the upside and downside risk of the underlying asset&#8217;s price movement during the case. The post-&#167;701 position is closer to the SIPC net-equity methodology established in <em>SIPC v. Bernard L. Madoff Inv. Sec. LLC</em>, 522 B.R. 41 (Bankr. S.D.N.Y. 2014), which valued customer claims by reference to actual securities holdings rather than fictitious account balances. The asset-denominated claim formulation is more protective of customers in a recovering market and less protective in a declining one.</p><p>The &#167;766 distribution mechanic continues to operate. The trustee distributes customer property to customers in proportion to net equity, with any shortfall in customer property satisfied by general estate property up to the extent of net equity, and any surplus in customer property returned to the estate for general distribution. The asset-denominated claim valuation creates the possibility of asset-denominated distributions, which is structurally consistent with the customer&#8217;s underlying expectation of receiving the asset rather than its dollar equivalent.</p><h4>&#167;701(c) Technical Amendments to the Safe-Harbor Provisions</h4><p>&#167;701(c) makes technical amendments to &#167;&#167; 546(e), 561, and 752(c) of title 11 to update cross-references following the &#167;741 paragraph renumbering. The substantive change is in &#167;701(c)(1), which amends &#167; 546(e) to reference &#167; 741 generally rather than &#167; 741(7) specifically. &#167; 546(e) is the safe-harbor provision that protects settlement payments from avoidance as preferential or fraudulent transfers. The existing language cross-references &#167; 741(7), which defines &#8220;settlement payment.&#8221; The post-&#167;701 language references &#167; 741 generally, picking up the updated definitions of customer property, ancillary asset, digital commodity, and net equity.</p><p>&#167;701(c)(2) makes parallel amendments to &#167; 561 (which addresses netting under master netting agreements) and &#167;701(c)(3) updates &#167; 752(c)&#8217;s cross-reference. The structural effect is to ensure that the safe-harbor framework operates consistently across the updated &#167;741 definitions and the new ancillary-asset and digital-commodity classifications.</p><h4>&#167;701(d) Clarifications</h4><p>&#167;701(d) is the architectural clarifier. Three points are made explicit.</p><ul><li><p>&#167;701(d)(1) preserves the existing SIPA framework. Securities and cash held by a broker-dealer continue to be governed by SIPA, 15 U.S.C. &#167;&#167; 78aaa et seq. The &#167;701 amendments do not displace SIPA coverage for securities and cash. A broker-dealer that holds both securities and digital commodities for customers will see SIPA coverage continue to apply to the securities-and-cash component and the &#167;701 customer-property framework apply to the digital-commodity-and-ancillary-asset component.</p></li><li><p>&#167;701(d)(2) preserves the existing bank-deposit and commodity-contract frameworks. Deposits held by a bank are not affected. Commodity contracts (covered by Subchapter IV of Chapter 7) continue to be governed by the existing commodity-broker framework. The cross-reference to &#167;702, which adds digital-commodity transactions to the commodity-contract safe-harbor framework, is the bridge.</p></li><li><p>&#167;701(d)(3) is the operative architectural commitment. In any Subchapter III or IV proceeding, the &#167;701 provisions are to be construed to treat ancillary assets and digital commodities held for customers as customer property required to be distributed according to title 11. This is the no-take-back provision. The customer-property treatment cannot be defeated by clever drafting of customer agreements, terms of service, or omnibus account arrangements that purport to convert customer-asset holdings into estate property. The &#167;701(d)(3) construction directive ensures that, regardless of how the broker-dealer characterized the customer relationship pre-bankruptcy, the customer-property treatment applies in the Subchapter III or IV proceeding.</p></li></ul><p>The Earn-versus-Custody distinction from <em>Celsius</em> survives in modified form. A customer agreement that grants the broker-dealer title to the assets is still a customer agreement that does that. But the consequence is different. Under &#167;701(d)(3), even an Earn-style title-transfer arrangement does not defeat customer-property treatment, because the &#167;701 amendments are construed to require customer-property treatment in any Subchapter III or IV proceeding. The structural choice is to override clever customer-agreement drafting in favor of customer-property protection. This is the post-FTX policy commitment, written into the bill.</p><h4>&#167;702: Commodity-Contract Treatment</h4><p>&#167;702 addresses the digital-asset side of the safe-harbor architecture. Subsection (b) provides that a purchase, sale, loan, margin loan, extension of credit, repurchase, reverse repurchase, or other transaction involving a unit of a digital commodity, occurring with a commodity broker, stockbroker, financial institution, financial participant, or securities clearing agency, is deemed to be a commodity contract for purposes of:</p><ul><li><p>(A) the bankruptcy safe-harbor provisions in &#167;&#167; 362(b)(6), 362(o), 546(e), 553, 556, 561, and 562 of title 11. These provisions cover the automatic-stay exception for commodity-contract terminations and offsets, the safe-harbor protections from preference and fraudulent-transfer avoidance, and the contractual setoff and netting rights that commodity-contract counterparties have historically enjoyed.</p></li><li><p>(B) &#167; 11 of the Federal Deposit Insurance Act (12 U.S.C. 1821), which addresses FDIC receivership treatment of qualified financial contracts. The &#167;702 amendment extends qualified-financial-contract status to digital-commodity transactions, with the consequence that close-out netting and offset rights are preserved in bank FDIC receiverships involving digital-commodity counterparties.</p></li><li><p>(C) &#167; 210 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (12 U.S.C. 5390), which addresses orderly-liquidation-authority treatment of qualified financial contracts. The &#167;702 amendment provides parallel treatment under the FDIC&#8217;s orderly-liquidation-authority framework for systemically important institutions.</p></li><li><p>(D) &#167; 5(b)(2)(C) of SIPA (15 U.S.C. 78eee(b)(2)(C)), which addresses SIPC liquidation treatment of qualified financial contracts. The &#167;702 amendment extends qualified-financial-contract status under SIPA for digital-commodity transactions, which is operationally significant for SIPC-protected broker-dealers that also handle digital commodities.</p></li></ul><p>&#167;702(b)(2) provides that digital-commodity transactions are deemed margin payments for purposes of &#167; 548(d)(2)(B) of title 11. The margin-payment safe harbor under &#167; 548(d)(2)(B) protects transferees of margin payments from fraudulent-transfer avoidance, with the consequence that legitimate margin-call payments in digital-commodity transactions cannot be clawed back as constructive fraudulent transfers.</p><p>The structural significance of &#167;702 is that digital-commodity derivatives, repurchase agreements, and securities-lending arrangements receive the same bankruptcy and FDIC-receivership treatment as commodity contracts under the existing framework. The position under current law is uncertain, with the FTX bankruptcy litigation generating substantial commentary on whether digital-commodity derivatives qualified for safe-harbor treatment under &#167; 546(e) and related provisions. &#167;702 would resolve the question by statute.</p><h4>The Earn-versus-Custody Distinction Revisited</h4><p>The single most important pre-CLARITY bankruptcy ruling in the digital-asset space was the <em>Celsius</em> Earn-versus-Custody decision. The court held that customer assets held in Celsius&#8217;s Earn program were property of the estate because the Earn terms of service granted Celsius title, while customer assets held in the Celsius Custody program retained customer-property status because the Custody terms preserved customer ownership.</p><p>The &#167;701 framework treats this distinction in a structurally different way. Under &#167;701(d)(3)&#8217;s construction directive, ancillary assets and digital commodities held for customers in a Subchapter III or IV proceeding are customer property regardless of how the customer agreement characterizes the relationship. The implication is that an Earn-style title-transfer arrangement does not defeat customer-property treatment for ancillary-asset or digital-commodity holdings if the broker-dealer is liquidated under Subchapter III or IV. The customer-property pool includes the Earn-program assets, and the pro-rata distribution under &#167; 766 covers Earn customers on the same terms as Custody customers.</p><p>The practical consequence is that the Celsius Earn customers, in a hypothetical post-&#167;701 reorganization, would have received pro-rata distributions from a customer-property pool that included the assets they deposited in Earn. The dollar value of that recovery would have been substantially higher than the 30-cents-on-the-dollar general-unsecured-creditor recovery they actually received. The asymmetry between Earn and Custody customers, which produced substantial litigation and customer dissatisfaction in the Celsius case, would be eliminated prospectively.</p><p>The &#167;701 framework does not, however, override pre-CLARITY customer agreements or pre-CLARITY bankruptcy proceedings. The Celsius confirmed plan, the Voyager confirmed plan, and the Genesis confirmed plan are not affected. The &#167;701 framework applies prospectively to digital-asset intermediary bankruptcies that begin after the effective date. The &#167;906 effective-date provision is therefore important: &#167;701 applies to cases commenced on or after enactment, and &#167;701&#8217;s customer-property treatment is operative for those cases.</p><h4>Operational Consequences for Intermediaries</h4><p>If &#167;701 becomes law, the operational consequences for digital-asset intermediaries run in five directions.</p><ul><li><p>First, customer-agreement drafting changes. Pre-CLARITY, the dominant drafting approach was to either preserve customer title (the Custody model) or transfer title with a yield-promise (the Earn model). The &#167;701(d)(3) construction directive means that the latter would no longer produce estate-property treatment in a Subchapter III or IV liquidation. The customer-agreement choice would matter less for bankruptcy-distribution purposes, though it still matters for the &#167;404 yield prohibition covered in Post #11 and for the SEC&#8217;s analysis of the underlying product structure under &#167;4B and &#167;301.</p></li><li><p>Second, account-segregation requirements take on new importance. The &#167;701 framework presumes that the broker-dealer maintains records and physical or logical segregation sufficient to identify customer assets. A broker-dealer that comingles customer assets with proprietary assets, or that fails to maintain adequate records of customer holdings, will face the same allocation problems in a Subchapter III liquidation that securities broker-dealers face under SIPA. The Madoff-style fictitious-account-balance problem is avoidable only through rigorous segregation and recordkeeping.</p></li><li><p>Third, the &#167;401(g)(1) and &#167;401(g)(2) bank-permitted custody activities discussed in Post #9 take on additional significance. A bank-conducted digital-asset custody operation that satisfies the bank&#8217;s existing fiduciary and segregation standards is structurally well-positioned for &#167;701 customer-property treatment in the event of bank failure. The interaction with the FDIC receivership framework, governed by &#167; 11 of the FDI Act as amended by &#167;702, is favorable to customers.</p></li><li><p>Fourth, the &#167;702 safe-harbor treatment for digital-commodity transactions is operationally significant for derivatives counterparties. Bilateral digital-commodity derivatives, repurchase transactions, and securities-lending arrangements receive close-out netting and offset protection in the counterparty&#8217;s bankruptcy. The structural change reduces counterparty credit risk for digital-commodity derivatives and supports the development of bilateral derivatives markets in digital assets.</p></li><li><p>Fifth, the &#167;402 portfolio-margining framework (covered in Post #9) interacts with &#167;701 and &#167;702 in important ways. A customer account that holds both securities positions and digital-commodity positions, with cross-margining authorized by the &#167;402 rulemaking, will face Subchapter III treatment for the entire account in the event of broker-dealer failure. The customer-property framework will need to accommodate the cross-margined positions, and the &#167;402 rulemaking will need to specify how customer-property allocation works across asset classes.</p></li></ul><p>The structural lesson is that, under &#167;701, the U.S. bankruptcy framework for digital-asset intermediaries would line up with the framework for securities broker-dealers and commodity brokers. Customer-property protection becomes the default. The Subchapter III and Subchapter IV procedural mechanics become operative. The pre-CLARITY uncertainty that produced Celsius Earn outcomes and Voyager creditor disputes would be resolved. The remaining policy fight is around the SIPC analog for digital assets: &#167;110 of the bill and the &#167;804 SIPC-consultation framework. But the architectural commitment to customer-property treatment is in the bill text, and the next round of digital-asset intermediary failures under this framework would produce customer recoveries materially more aligned with customer expectations than the post-2022 cycle produced.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/clarity-in-bankruptcy?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/clarity-in-bankruptcy?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/clarity-in-bankruptcy?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p><p></p>]]></content:encoded></item><item><title><![CDATA[Banks Can do (almost) Anything Under CLARITY]]></title><description><![CDATA[&#167;401 and the Great Regulatory Unwind]]></description><link>https://davidlopezkurtz.substack.com/p/banks-can-do-almost-anything-under</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/banks-can-do-almost-anything-under</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Fri, 19 Jun 2026 16:02:08 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!HQaD!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>T<em>he arc of national-bank digital-asset authority from 2020 to 2024 was the cleanest case study available in regulatory whiplash. OCC Interpretive Letter 1170 (July 22, 2020) confirmed that national banks could provide cryptocurrency custody services. IL 1172 (September 21, 2020) extended the authority to holding stablecoin reserves. IL 1174 (January 4, 2021) authorized independent node verification networks and stablecoin issuance. IL 1179 (November 18, 2021) then walked back the predecessor letters by imposing a supervisory non-objection requirement before any covered activity could be conducted. SAB 121 (April 2022, rescinded in 2025) added accounting-side friction by requiring custodied digital assets to be reflected on bank balance sheets. The FDIC&#8217;s 2022 &#8220;pause letters&#8221; to state-chartered banks discouraged or blocked specific digital-asset activities. Custodia Bank, Inc. v. Federal Reserve Board, 1:22-cv-00125 (D. Wyo.), the Operation Choke Point 2.0 hearings, and the BNY Mellon and JPMorgan Onyx custody platforms played out against the same regulatory background. Whether a national bank could custody Bitcoin depended in 2024 on which administration was in office and which OCC interpretive letter was most recent. That posture is not how a federal banking system is supposed to operate.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!HQaD!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!HQaD!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png 424w, https://substackcdn.com/image/fetch/$s_!HQaD!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png 848w, https://substackcdn.com/image/fetch/$s_!HQaD!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png 1272w, https://substackcdn.com/image/fetch/$s_!HQaD!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!HQaD!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png" width="1452" height="1096" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1096,&quot;width&quot;:1452,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2887971,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201358879?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!HQaD!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png 424w, https://substackcdn.com/image/fetch/$s_!HQaD!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png 848w, https://substackcdn.com/image/fetch/$s_!HQaD!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png 1272w, https://substackcdn.com/image/fetch/$s_!HQaD!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F638afdca-fb6d-4519-8858-d03aae483f29_1452x1096.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>&#167;401 of the engrossed Senate substitute is the legislative end of the arc. The section enumerates fourteen specific bank activities involving digital assets, declares them permissible by statute, authorizes national banks, financial holding companies, federal credit unions, and (by parity) insured state banks and state credit unions to engage in them, eliminates prior-notice and prior-approval requirements outside the existing organic banking statutes, and explicitly excludes the activities from being treated as anything other than the business of banking under 12 U.S.C. &#167; 24 Seventh. Whatever residual question the OCC&#8217;s interpretive-letter framework left open about whether banks could do these activities at all is now answered by Congress.</p><h4>The Fourteen Activities</h4><p>&#167;401(g) is the operative list. It is best read in full because the breadth of the authority granted only becomes apparent when the activities are read consecutively. The list runs to:</p><ol><li><p>providing custodial, fiduciary, or safekeeping services for digital assets; </p></li><li><p>providing related custodial services for digital assets and distributed ledgers, including staking, facilitating digital asset lending, distributed ledger governance services, and advancing funds for the purchase of digital assets or in respect of distributions on digital assets, whether as principal or agent; </p></li><li><p>facilitating customer purchases and sales of digital assets; </p></li><li><p>making loans collateralized by digital assets; </p></li><li><p>engaging in payment activities involving digital assets; </p></li><li><p>purchasing or selling digital assets as principal for any investment or trading purpose; </p></li><li><p>operating a node on a distributed ledger; </p></li><li><p>providing self-custodial wallet software; </p></li><li><p>engaging in derivatives transactions, including related hedging activities, in a manner consistent with 12 C.F.R. &#167; 7.1030 as in effect on the date of enactment; </p></li><li><p>providing brokerage services, including clearing and execution services, whether alone or in combination with other incidental activities; </p></li><li><p>facilitating transactions in the secondary market for all types of digital assets on a riskless principal basis; </p></li><li><p>holding as principal digital assets to the extent incidental to an otherwise permissible activity, including holding digital assets to pay fees arising from distributed ledger system interactions; </p></li><li><p>underwriting, dealing in, or making a market in digital assets; and </p></li><li><p>exercising all such incidental powers as are necessary to carry out any of the activities described in paragraphs (1) through (13).</p></li></ol><p>Read activity by activity, the structural changes are substantial. Custody (g)(1) was confirmed by IL 1170 in 2020 and contested under IL 1179 thereafter. &#167;401 puts it beyond dispute. Related custodial services (g)(2) including staking, lending, governance, and advancing funds were never cleanly addressed in the IL series and were treated as supervisory negotiations under the IL 1179 regime. &#167;401 enumerates them as permitted. The staking authorization in particular intersects with the &#167;4B(a)(5)(B)(iv) custodial staking framework covered in Post #8 of this series: the SEC&#8217;s rule defining &#8220;exclusively administrative or ministerial&#8221; custodial staking will define the operational scope of bank staking services, but the activity itself is statutorily authorized.</p><p>(g)(3) facilitating customer purchases and sales is a brokered-execution authority that maps onto bank trading desks operating as agents for customers. (g)(4) lending collateralized by digital assets covers Bitcoin-backed loans, ETH-backed loans, and the broader category of digital-asset-secured lending that pre-CLARITY regulatory uncertainty had pushed into specialty lenders. (g)(5) payment activities involving digital assets is the stablecoin-payment-rails authority and dovetails with the GENIUS Act framework for permitted payment stablecoin issuers.</p><p>(g)(6) and (g)(13) are the two most expansive grants and deserve separate attention. (g)(6) authorizes purchasing or selling digital assets as principal for any investment or trading purpose. The pre-CLARITY position on bank principal trading in non-stablecoin digital assets was that such activity was not permissible under 12 U.S.C. &#167; 24 Seventh because digital assets were not securities or otherwise within an enumerated category. (g)(6) overrides that position by statute. National banks can now hold Bitcoin, Ethereum, or any other digital asset on their balance sheets as principal investments, subject to safety-and-soundness oversight. (g)(13) authorizes underwriting, dealing in, or making a market in digital assets. The Glass-Steagall residue that nominally separates underwriting and dealing in securities from commercial banking has no analog in the digital-asset context; (g)(13) authorizes the full investment-bank suite of underwriting, dealing, and market-making for digital assets.</p><p>(g)(7) operating a node on a distributed ledger and (g)(8) providing self-custodial wallet software are the infrastructure authorities. Banks can run Ethereum validators, Bitcoin nodes, Solana validators, and similar infrastructure. They can also build and distribute wallet software, including non-custodial wallets where the bank does not hold the underlying keys. The latter is a substantial change from the pre-CLARITY interpretive framework, which would have struggled to fit non-custodial wallet software into 12 U.S.C. &#167; 24 Seventh on a conventional reading.</p><p>(g)(9) derivatives transactions are authorized in a manner consistent with 12 C.F.R. &#167; 7.1030 as in effect on the date of enactment. The reference to &#167; 7.1030 incorporates the OCC&#8217;s existing derivatives regulatory framework. The structural choice is to extend the existing regulatory architecture for bank derivatives activities to digital-asset derivatives, without rewriting the framework.</p><p>(g)(10) brokerage services including clearing and execution and (g)(11) riskless-principal facilitation of secondary-market transactions are the broker-dealer-equivalent authorities. Banks can operate digital-asset brokerage platforms, clear digital-asset trades, and execute customer orders. (g)(11)&#8217;s riskless-principal authority specifically addresses the structural issue that bank trading of digital assets for customers requires the bank, in practice, to use its own account to offset the customer trade. The pre-CLARITY position was that riskless-principal digital-asset trading was not within &#167; 24 Seventh; (g)(11) overrides.</p><p>(g)(12) holding as principal digital assets to the extent incidental to an otherwise permissible activity includes the de minimis category of bank operations: holding tokens to pay protocol fees, holding stablecoins for payment-rail operations, holding governance tokens to participate in protocol decisions affecting bank-held assets. The &#8220;incidental to&#8221; qualifier means the bank&#8217;s holding must be tied to another permitted activity, but the catchall is broad enough to accommodate the full range of operational holdings.</p><p>(g)(14) the incidental-powers clause is the residual. It authorizes &#8220;all such incidental powers as are necessary to carry out any of the activities described in paragraphs (1) through (13).&#8221; The clause functions like the parallel residual in 12 U.S.C. &#167; 24 Seventh (&#8221;such incidental powers as shall be necessary to carry on the business of banking&#8221;), and operates as the catchall under which the OCC has historically expanded national-bank authority case-by-case. After &#167;401, the OCC can rely on (g)(14) to authorize incidental activities that have not yet been invented.</p><h4>The Structural Choice: Business-of-Banking by Statute</h4><p>&#167;401(c)(2) is the doctrinally important provision. It declares that the activities described in paragraphs (1) through (5) and (7) through (14) of &#167;401(g) &#8220;are authorized as part of, or incidental to, the business of banking under the paragraph designated as the &#8216;Seventh&#8217; of section 5136 of the Revised Statutes (12 U.S.C. 24).&#8221; The activity numbered (6), principal trading for investment or trading purpose, is conspicuously absent from &#167;401(c)(2)&#8217;s business-of-banking declaration. The omission appears intentional. (g)(6) authorizes the activity as a statutory matter, but the business-of-banking classification under &#167; 24 Seventh, which has historically constrained bank principal-trading activity in securities, is not extended.</p><p>&#167;401(c)(2)&#8217;s structural move matters because it bootstraps the &#167;401 activities into the existing 12 U.S.C. &#167; 24 Seventh framework rather than creating a parallel regulatory architecture. The activities are not granted under a new digital-asset banking statute. They are added to the conventional business-of-banking framework. That has two consequences. First, the existing supervisory and safety-and-soundness framework applies. The OCC&#8217;s examiners can examine bank digital-asset activities the way they examine bank securities, deposit-taking, and lending activities. Second, the existing legal infrastructure (sound banking principles, customer-protection rules, transaction-with-affiliates restrictions, lending limits) applies. The &#167;401(c)(3) rule of construction reinforces this: the digital-asset character of an activity does not exempt it from any prohibition, restriction, registration, limitation, or other requirement that would apply if the activity were conducted without digital-asset involvement. A bank conducting an underwriting under (g)(13) with respect to a digital asset that is a security must still comply with the securities laws applicable to that underwriting; a bank conducting derivatives transactions under (g)(9) must still comply with the derivatives regulatory framework. The (c)(3) clause is the equivalent of the &#167;505 tokenization-parity rule covered in Post #13: form does not change substance.</p><p>&#167;401(b) extends the same architecture to financial holding companies under &#167; 4(k) of the Bank Holding Company Act of 1956. The &#167;401(g) activities are declared &#8220;financial in nature&#8221; for &#167; 4(k) purposes, which authorizes FHCs (and their subsidiaries) to engage in the activities under the existing &#167; 4(k) regulatory framework. The structural effect is that the major bank holding companies (JPMorgan Chase, Bank of America, Wells Fargo, Citigroup, Goldman Sachs, Morgan Stanley) and their non-bank subsidiaries (JPMorgan Onyx/Kinexys, the BNY Mellon digital-asset custody platform, the State Street digital-asset division) can conduct &#167;401(g) activities at the holding-company level without separate banking-statute authorization.</p><h4>State-Bank Parity and Credit Unions</h4><p>&#167;401(d) provides state-bank parity. For purposes of FDI Act &#167; 24(a) and (d), the activities authorized for national banks under &#167;401(c) are permissible for insured state banks and their subsidiaries to engage in as principal. The parity provision means that a state-chartered bank can do anything a national bank can do under &#167;401, subject to state-law authorization and FDIC supervisory oversight. The Custodia Bank precedent on master-account access (the <em>Custodia Bank</em> litigation in the D. Wyo.) is not directly addressed by &#167;401, but the parity provision means that a state-chartered specialty bank holding a state crypto-banking charter (Wyoming SPDIs, the Nebraska digital-asset depository institution charter, the Texas industrial banking framework) can engage in &#167;401 activities to the extent the FDIC&#8217;s supervisory regime permits.</p><p>&#167;401(e) extends authority to federal credit unions, with the &#167;401(g) activities classified as authorized under &#167; 107(17) of the Federal Credit Union Act. &#167;401(f) provides credit-union parity for state-chartered credit unions, subject to state law and any NCUA limitations applicable to insured credit unions. The credit-union authorization is meaningful because the pre-CLARITY interpretive framework on credit-union digital-asset activities was even more restrictive than the national-bank framework. The 2021 NCUA Letter to Credit Unions 21-CU-16 permitted limited custody-and-execution partnerships with third-party providers but did not authorize principal-trading or full-service digital-asset banking. &#167;401 changes that.</p><h4>&#167;401(h) and the End of Prior Approval</h4><p>&#167;401(h) is short and consequential. It eliminates prior-notice and prior-approval requirements for the &#167;401 activities, except for those required under the National Bank Act, the Federal Reserve Act, the Bank Holding Company Act, and the Federal Credit Union Act. The OCC&#8217;s IL 1179 prior-supervisory-non-objection regime is foreclosed. The FDIC&#8217;s pause-letter framework, to the extent it operated as a prior-approval requirement outside the existing banking statutes, is foreclosed. The Federal Reserve&#8217;s pre-CLARITY positions on Federal Reserve-supervised institutions engaging in digital-asset activities, to the extent they imposed prior-approval requirements outside the existing statutes, are foreclosed.</p><p>The &#167;401(h) carve-out for the organic banking statutes means that the routine supervisory tools the agencies use under those statutes (examination, capital and liquidity requirements, supervisory expectations communicated through guidance, enforcement actions for unsafe-and-unsound practices) remain available. What is foreclosed is the imposition of new prior-approval regimes that are not grounded in the existing organic statutes. The structural choice is to require the agencies to use the tools they have rather than to invent new tools for the digital-asset space.</p><p>&#167;401(i) preserves the existing safety-and-soundness authorities of the federal banking agencies and the NCUA. The activities authorized under &#167;401 are subject to ordinary supervisory oversight, and the agencies retain authority to determine that any &#167;401 activity, as conducted by a particular institution, is unsafe or unsound and to take enforcement action accordingly. The structural choice is permissive-by-default with safety-and-soundness backstop, not permissive-with-prior-approval.</p><h4>&#167;401(j) and the NFT Exclusion</h4><p>&#167;401(j) excludes nonfungible assets from the authorities granted under &#167;401. The exclusion runs through the entire section. Banks cannot custody NFTs, lend against NFTs, deal in NFTs, or make markets in NFTs under &#167;401. The cross-reference to &#167;602&#8217;s NFT framework covered in Post #12 of this series is implicit but important. NFTs sit in their own regulatory bucket under CLARITY. The bank-permissibility framework does not extend to that bucket.</p><p>The structural choice reflects the residual policy concerns about NFT market structure, valuation, and customer-protection issues. The May 2025 SEC staff statement on NFTs noted ongoing concerns about pump-and-dump schemes, market manipulation, and investor protection in NFT markets. Congress responded by excluding NFTs from the bank-permissibility regime, on the theory that banks should not be brokers, dealers, or custodians for an asset class with the volatility and information-asymmetry characteristics of NFTs. The exclusion is open to revisiting as the NFT market matures, but for now banks are not permitted to deal in or hold NFTs as principal.</p><h4>&#167;402 Portfolio Margining and &#167;403 Netting</h4><p>The cross-references to &#167;402 and &#167;403 deserve brief attention. &#167;402 directs the CFTC and SEC to jointly issue rules to facilitate portfolio margining across securities, security-based swaps, futures, options on futures, swaps, and digital commodities. The rule must address the bankruptcy and SIPA treatment of accounts holding mixed assets, and must be developed with the participation of the Federal Reserve, FDIC, OCC, state bank supervisors, and SIPC. The portfolio-margining framework is structurally important because the &#167;401 activities position banks to operate brokerage and clearing services for digital-asset and securities products simultaneously. The cross-margining of those positions is operationally significant for capital efficiency, and the &#167;402 rulemaking will determine how aggressively the agencies can authorize netting across asset classes.</p><p>&#167;403 directs the Fed, OCC, and FDIC to develop risk-based and leverage capital requirements that address netting agreements providing for termination and close-out netting across multiple types of financial transactions, in the event of counterparty default. The netting-recognition framework is structurally important for derivatives and other transactions involving digital assets. The pre-CLARITY position on whether close-out netting of digital-asset derivatives transactions qualified for capital netting recognition under the existing risk-based capital rules was uncertain, and &#167;403 directs the agencies to clarify.</p><h4>The Regulatory-competition Dynamic</h4><p>The &#167;401 framework reshapes the competitive landscape for digital-asset financial services. Three structural shifts are worth flagging.</p><p>First, national banks now have substantially equivalent authority to state-chartered specialty banks. The Wyoming SPDIs (Custodia, Kraken Bank as it eventually exists, Avanti as it existed), the Nebraska digital-asset depository institutions, and the federally chartered specialty banks that have been chartered or are pending now compete on a level playing field with national banks for digital-asset banking business. The &#167;401(d) parity provision means that state-chartered banks are not disadvantaged relative to national banks on the federal-law authority front, but the federal supervisory regime (OCC for national banks, FDIC for state-chartered banks) and the master-account-access framework (covered partially by the Custodia Bank litigation) remain separate questions.</p><p>Second, financial holding companies can now offer the full digital-asset suite. JPMorgan&#8217;s Onyx/Kinexys platform, BNY Mellon&#8217;s digital-asset custody platform, State Street&#8217;s tokenization platform, and similar offerings at other major institutions can be expanded to include underwriting, market-making, principal trading, and brokerage activities. The competitive pressure on the standalone crypto exchanges (Coinbase, Kraken, Gemini, the Crypto.com US operation) will increase as the major FHCs enter the market with the structural advantages of established banking franchises (customer base, capital, regulatory relationships).</p><p>Third, federal credit unions enter the market with &#167;401(e) authority. The historically conservative posture of the credit-union industry on digital-asset activities is now a strategic choice rather than a regulatory mandate. The largest credit unions (Navy Federal, State Employees&#8217;, PenFed) can engage in custody, brokerage, lending, and other &#167;401 activities. The competitive effect on smaller community banks, which have historically competed with credit unions in retail and small-business banking, is direct.</p><h4>The &#167;404 Yield Carve-Out is the Limit</h4><p>&#167;404, covered in Post #11 of this series, is the residual prohibition on a &#8220;covered party&#8221; (a digital asset service provider and its affiliates, excluding permitted payment stablecoin issuers and registered foreign stablecoin issuers) paying interest or yield &#8220;economically or functionally equivalent&#8221; to deposit interest on payment stablecoin balances held by U.S. persons. The &#167;404 prohibition does not apply to banks engaged in &#167;401 activities other than payment-stablecoin yield, but it shapes the bank-stablecoin-product design space. A bank operating a payment-stablecoin product cannot pay interest on stablecoin balances in a manner equivalent to deposit interest; the bank&#8217;s stablecoin offering and its deposit offering must be substantively differentiated. The &#167;404(c)(2) activity-based exception preserves activity-based rewards for liquidity provision, market-making, staking, governance participation, validation, and loyalty programs, which leaves substantial room for bank-stablecoin product design even within the &#167;404 prohibition.</p><h4>Takeaways</h4><p>&#167;401 may be the most consequential statutory change in U.S. banking law since the Gramm-Leach-Bliley Act of 1999. Once passed, the pre-CLARITY interpretive uncertainty will be over over. The prior-approval framework outside the existing organic banking statutes is foreclosed. The state-bank parity, FHC authority, and credit-union authority provisions complete the framework.</p><p>The structural questions that remain are about execution rather than authority. How will the OCC, FDIC, Federal Reserve, and NCUA exercise their ongoing supervisory oversight of &#167;401 activities? How will the SEC and CFTC develop the &#167;402 portfolio-margining framework? How will the &#167;403 netting rulemaking shape capital efficiency for bank digital-asset derivatives activity? How will the &#167;404 yield prohibition interact with bank stablecoin product design? These are the next round of practitioner questions, but they are questions about how banks engage in digital-asset activities, not whether they can.</p><p>The dynamic to watch is the rapidity of bank entry into the digital-asset business. The structural advantages of the major bank holding companies (regulatory relationships, capital, established customer bases, deposit franchises) are real. The structural disadvantages (legacy technology, conservative compliance culture, slow product cycles) are also real. The competitive pressure on the standalone crypto-native firms will be substantial. The market structure of U.S. digital-asset financial services in 2030 is going to look very different from the market structure of U.S. digital-asset financial services in 2025, and &#167;401 is the reason.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/banks-can-do-almost-anything-under?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/banks-can-do-almost-anything-under?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/banks-can-do-almost-anything-under?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p><p></p>]]></content:encoded></item><item><title><![CDATA[Staking, Airdrops, and the Gratuitous Distribution Doctrine (oh my)]]></title><description><![CDATA[&#167;4B(a)(5) is broader than you think]]></description><link>https://davidlopezkurtz.substack.com/p/staking-airdrops-and-the-gratuitous</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/staking-airdrops-and-the-gratuitous</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Wed, 17 Jun 2026 16:03:35 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!suuD!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>For nine years after the IRS published Notice 2014-21 treating Bitcoin as property, the federal regulatory posture on staking and airdrops was a collection of unanswered questions held together by enforcement risk. Was a staking reward a security under SEC v. W.J. Howey Co., 328 U.S. 293 (1946)? The SEC took that position in SEC v. Kraken, No. 3:23-cv-06003 (N.D. Cal.), and the consent order required Kraken to shut down its U.S. staking-as-a-service program. The SEC tried again in the Earn program allegations in SEC v. Coinbase, Inc., 2:24-cv-04734 (S.D.N.Y.). Was the receipt of a staking reward a taxable realization event? Rev. Rul. 2023-14, 2023-33 I.R.B. 484, said yes on dominion-and-control. Was an airdrop a security distribution? SEC v. LBRY, Inc., 639 F. Supp. 3d 211 (D.N.H. 2022), suggested the answer could be yes for programmatic protocol rewards. Was a liquid staking token its own security? In re Voyager Digital Holdings, Inc., 1:22-bk-10943 (Bankr. S.D.N.Y.), and the CFTC&#8217;s position in related proceedings hinted at yes. The Corporation Finance staff statements on protocol staking (May 29, 2025) and liquid staking (August 5, 2025) softened some of these positions on a staff-only basis, but the Commission had not spoken and the statutory law remained as it was in 1933. Adding a note because I have had a couple people be confused - CLARITY is still a draft, so this is all subject to change. </em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!suuD!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!suuD!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png 424w, https://substackcdn.com/image/fetch/$s_!suuD!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png 848w, https://substackcdn.com/image/fetch/$s_!suuD!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png 1272w, https://substackcdn.com/image/fetch/$s_!suuD!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!suuD!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png" width="1456" height="991" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:991,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2737682,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201355958?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!suuD!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png 424w, https://substackcdn.com/image/fetch/$s_!suuD!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png 848w, https://substackcdn.com/image/fetch/$s_!suuD!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png 1272w, https://substackcdn.com/image/fetch/$s_!suuD!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1ca85e87-aa46-472b-8d03-cad30061ae8b_1474x1003.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>Two things changed in early 2026. The first is the joint SEC-CFTC interpretation effective March 23, 2026, Release Nos. 33-11412 and 34-105020, which the Commission issued (with CFTC concurring guidance) and which expressly supersedes the 2019 Framework and all prior staff statements on these topics. The release sets out a detailed framework for protocol mining, protocol staking (in four flavors), staking receipt tokens, wrapping, and airdrops. The second is CLARITY&#8217;s &#167;4B(a)(5), which codifies a six-clause statutory taxonomy of &#8220;gratuitous distribution&#8221; and applies the &#167;4B(b)(4) non-security presumption to each clause. Read together, the interpretation and the statute substantially eliminate the staking-and-airdrop enforcement risk that consumed industry attention from 2021 through 2025. The interpretation defines the analytical method; the statute codifies the bottom-line treatment. This post reads them together.</p><p>&#167;4B(a)(5) of the Securities Act, added by &#167;102 of CLARITY, replaces the enforcement-risk soup with a defined term and a six-clause taxonomy. The defined term is &#8220;gratuitous distribution,&#8221; and it sweeps far more broadly than the word &#8220;gratuitous&#8221; suggests. The taxonomy enumerates self-staking, self-custodial third-party staking, liquid staking, custodial and ancillary staking services, programmatic and automated distributions, and a technology-neutral residual. Each receives a non-security presumption under &#167;4B(b)(4)(A). The cumulative effect is the most consequential statutory accommodation of staking and airdrop economics anywhere in U.S. law.</p><h4>The Definition Does the Work</h4><p>&#167;4B(a)(5)(A) defines a gratuitous distribution as &#8220;a distribution of a network token, including a distribution effected by an agent or other service provider engaged solely in an administrative or ministerial capacity, in exchange for not more than a nominal value of cash, property, services, or other assets in a broad, equitable, and non-discretionary manner.&#8221; The substantive elements are four: distribution of a network token, optional agent involvement in a strictly administrative capacity, exchange for not more than nominal value, and broad-equitable-non-discretionary character.</p><p>The &#8220;not more than a nominal value&#8221; formulation is the principal limit on the otherwise expansive definition. A distribution made in exchange for substantial consideration is not gratuitous. An airdrop sized to a holder&#8217;s prior on-chain activity but with no payment required is. A staking reward delivered in exchange for staked capital and validator effort is, on a literal reading of &#8220;exchange for,&#8221; not in exchange for nothing, but the bill&#8217;s enumerated clauses confirm that staking falls within the term. The drafting is best read as: gratuitous means without significant out-of-pocket cash payment to the distributor. Staking is gratuitous because the staker provides validator effort to the protocol and receives rewards from the protocol, not from a counterparty who is selling them. The broad-equitable-non-discretionary requirement screens out targeted private placements dressed up as airdrops. A distribution made only to accredited investors who pay a tokenization fee is not gratuitous. A distribution made to everyone who held a particular NFT before a snapshot date is.</p><p>&#167;4B(a)(5)(B) then enumerates six specific mechanisms that are gratuitous distributions, &#8220;without limitation.&#8221; The enumeration is not exhaustive; the technology-neutral residual in clause (vi) makes that explicit. But each enumerated mechanism receives statutory recognition, and reading the six side by side is the cleanest way to understand the doctrine.</p><h4>The Six Clauses</h4><p>Clause (i), self-staking, covers the distribution of a network token as a programmatic result of validating or staking activity for a consensus mechanism, where the owner of the staked token and the operator of the node, validator, or similar software are the same person. The paradigmatic example is the solo Ethereum validator running her own node on her own staked ETH. The reward she receives is statutorily a gratuitous distribution. So is the reward a solo Solana, Cosmos, or Polkadot validator receives. The clause is technology-agnostic on consensus mechanism; proof-of-stake, delegated proof-of-stake, proof-of-history, and any future consensus mechanism producing token rewards for validating activity are within its scope, provided the validator is the token owner.</p><p>Clause (ii), self-custodial staking with a third party, extends the same treatment to the case where the staked token owner and the node operator are different persons, but the operator does not maintain custody or control of the staked token. The paradigmatic example is the Lido validator running infrastructure on behalf of stakers who hold the staked tokens themselves through a smart-contract escrow. Rocket Pool&#8217;s minipool architecture is similar in structure: the node operator stakes its own ETH plus rETH-routed customer ETH, and operates the validator software without holding direct custody of the customer&#8217;s principal. The clause confirms that non-custodial delegated staking is gratuitous. The structural test is custody. If the operator does not control the staked token, the distribution remains gratuitous.</p><p>Clause (iii), liquid staking, addresses the LST architecture that has become the dominant form of staking in the Ethereum ecosystem. The clause covers &#8220;the distribution of network tokens, as the issuance, transfer, or redemption of liquid staking tokens representing a pro rata interest in staked network tokens, and their associated rewards, provided that such tokens are issued as administrative or ministerial receipts and not providing discretionary management authority.&#8221; The administrative-or-ministerial language is the operative limit. An LST that conveys a pro rata interest in the underlying staked tokens and accruing rewards, without conferring discretionary management authority on the issuer, is a gratuitous distribution. An LST that conveys a discretionary right (a yield-optimizing manager&#8217;s authority to redirect capital among validator sets in exchange for performance fees) is not, or at least not within clause (iii). Lido&#8217;s stETH, Rocket Pool&#8217;s rETH, ether.fi&#8217;s eETH, and Coinbase&#8217;s cbETH all sit within the safe side of the line as currently designed, with cbETH the closest to the edge because the validator selection is centralized but the holder rights are still pro rata receipt rights.</p><p>Clause (iv), custodial and ancillary staking services, is the SEC-rulemaking clause. It covers custodial or ancillary staking services enabling the owner of a network token to participate in validating or staking activity, where the services are &#8220;exclusively administrative or ministerial in nature.&#8221; &#167;4B(a)(5)(B)(iv)(I). &#167;4B(a)(5)(B)(iv)(II) directs the Commission to issue rules defining what custodial and ancillary staking services qualify as exclusively administrative or ministerial. This is the post-<em>Kraken</em>, post-<em>Coinbase Earn</em> clause. Custodial staking-as-a-service is gratuitous if it is administrative or ministerial, and the operational content of that test has substantially been resolved at the federal-securities-law level by the joint SEC-CFTC interpretation. Under Release No. 33-11412, a &#8220;custodial arrangement&#8221; in which a custodian stakes deposited digital commodities on behalf of a depositor does not involve essential managerial efforts under <em>Howey</em> if the custodian does not decide whether, when, or how much of the depositor&#8217;s digital commodity to stake; does not guarantee or otherwise set the amount of rewards; selects a third-party node operator (where applicable) as its only staking-process decision; and holds the deposited digital commodities in a manner that (1) does not use them for operational or general business purposes, (2) does not lend, pledge, or rehypothecate them for any reason, and (3) is designed not to subject them to claims by third parties. The depositor retains ownership of the deposited digital commodity throughout. The release also expressly identifies four ancillary services that do not constitute essential managerial efforts: slashing coverage, early unbonding, alternate rewards payment schedules and amounts (provided rewards are not fixed, guaranteed, or greater than protocol-set amounts), and aggregation of digital commodities to meet protocol minimums. The Commission&#8217;s eventual &#167;4B(a)(5)(B)(iv)(II) rulemaking will have to honor the structure the joint release establishes; the remaining contested area is custodial arrangements that involve discretionary validator selection, pooled-customer-asset management, or other features beyond the release&#8217;s conditions.</p><p>Clause (v), programmatic and automated distributions, is the airdrop catch-all. The mechanism must be automated, programmatic, protocol-defined, or rules-based; achieved through the transparent functioning of the DLS; subject to five conditions. The conditions track the language elsewhere in the bill on decentralization and transparency. (I) Distributions must occur pursuant to public, transparent, rules-based parameters publicly available and accessible on a permissionless basis, without individualized or real-time negotiation with recipients. (II) Recipients receive tokens as a direct programmatic result of objective, verifiable network participation, consumption, or contribution, including consensus participation, data availability, bandwidth, governance, or use and interaction with the protocol or application. (III) The number of tokens received is proportionate to the verifiable service, usage, or contribution. (IV) Any expected utility or value of the tokens arises primarily from decentralized network participation and market forces, rather than the discretionary actions of any single person or affiliated group. (V) No person or group has unilateral authority to alter, restrict, or direct the issuance parameters or distribution mechanisms, and any modification occurs only through a DGS.</p><p>The five conditions read together describe the difference between a properly-structured retroactive airdrop and a sweetened insider distribution dressed up as a community reward. The Optimism retroactive airdrops to Ethereum bridge users, the Arbitrum airdrop to active arbitrum.io users, and the Uniswap airdrop to historical LPs all sit comfortably within clause (v) if the eligibility rules are objective and rules-based. A discretionary &#8220;community contributor&#8221; airdrop curated by the founding team&#8217;s judgment of who counts as a contributor is harder to fit. The (II) requirement of objective, verifiable network participation does not, on its face, permit the team to award tokens based on subjective merit. Point programs that resolve into token distributions face a similar analysis: if the point allocation is rules-based and the conversion to tokens is mechanical, clause (v) covers it. If the point allocation is discretionary, it is not.</p><p>Clause (vi), the technology-neutral catch-all, covers any distribution employing a mechanism, protocol, or technology not specifically described in clauses (i) through (v), without regard to whether the mechanism is in existence at the time of enactment, provided the distribution meets the &#167;4B(a)(5)(A) general requirements. This is the future-proofing clause. Whatever the next generation of staking and reward mechanisms turn out to be, if they distribute network tokens in exchange for nominal or no value in a broad-equitable-non-discretionary manner, they get gratuitous-distribution treatment. The clause is structurally similar to other technology-neutral residual clauses in the bill and protects against the recurring problem of statutory definitions overtaken by technical innovation.</p><h4>The &#167;4B(b)(4) Non-security Presumption</h4><p>&#167;4B(b)(4)(A) provides that, notwithstanding &#167;4B(b)(1), a gratuitous distribution by itself does not constitute an offer, sale, or distribution of a security under &#167;2(a)(1) of the Securities Act, &#167;3(a) of the Exchange Act, &#167;2(a) of the Investment Company Act, &#167;202(a) of the Advisers Act, &#167;16 of SIPA, or any state-law equivalent that is not commodity-consistent. The presumption is rebuttable, but the burden of proof shifts. A plaintiff or enforcement agency contending that a gratuitous distribution is in fact a securities transaction must affirmatively prove it.</p><p>&#167;4B(b)(4)(B) is the anti-fraud savings clause. The non-security presumption does not displace the anti-fraud, anti-manipulation, or false-reporting authorities of the SEC, the CFTC, or state regulators. A gratuitous distribution that is structured to defraud or manipulate is still actionable on those grounds. The non-security status applies to the registration-and-disclosure architecture of the federal securities laws, not to the anti-fraud overlay.</p><p>The doctrinal effect of &#167;4B(b)(4)(A) on the existing case law is direct. <em>LBRY</em>&#8216;s holding that LBC distributions to early users were unregistered securities offers does not survive &#167;4B(b)(4)(A) as applied to the <em>LBRY</em> fact pattern, at least prospectively. The SEC&#8217;s theory in <em>Coinbase Earn</em> that pooled-customer staking constituted a securities transaction is preserved only to the extent the staking service does not qualify as exclusively administrative or ministerial under the &#167;4B(a)(5)(B)(iv)(II) rulemaking, which is to say only to the extent the Commission&#8217;s rule says so. The Kraken consent order is preserved as a historical compliance matter, but the substantive theory underlying it is foreclosed prospectively. <em>Jarrett v. United States</em>, 1:21-cv-00419 (M.D. Tenn.), and the tax-side staking-rewards realization analysis remain live questions on a different track; &#167;4B(b)(4) deals only with the securities-law treatment of staking.</p><h4>Cross-Reference to Bank-Permitted Activities</h4><p>&#167;401(g)(2), covered in Post #9 of this series, authorizes national banks and federally insured depository institutions to provide staking and &#8220;related services&#8221; to customers. The provision works alongside &#167;4B(a)(5)(B)(iv). Banks may offer custodial staking under the &#167;401(g)(2) authority; the staking rewards delivered to customers in connection with that activity are gratuitous distributions under &#167;4B(a)(5)(B)(iv) to the extent the bank&#8217;s service satisfies the exclusively administrative or ministerial standard the SEC will define. The combined effect is that banks can offer custodial staking products in the same way they offer custodial securities-lending and cash-sweep products, without the principal product (the reward) being a separate security.</p><p>The state-bank parity provisions in &#167;401(d) extend the same authority to state-chartered banks meeting the FDIC&#8217;s parallel determinations. The credit-union provisions in &#167;401(e) and (f) extend it to federally insured credit unions. The customer experience under CLARITY is that staking will become a routine banking product, indistinguishable in user interface from a savings account except in the substantive economics of the underlying mechanism. The SEC rulemaking under &#167;4B(a)(5)(B)(iv)(II) will set the operational rules.</p><h4>Liquid-Staking Carve-Out and the Administrative-or-Ministerial Framing</h4><p>Clause (iii)&#8217;s &#8220;administrative or ministerial receipts and not providing discretionary management authority&#8221; qualifier is the load-bearing element of the LST treatment. The SEC&#8217;s pre-CLARITY interpretive posture, as developed in the joint interpretive release of March 2026, treated LSTs as receipts for non-security digital commodities, subject to specified conditions including no rehypothecation, no lending without consent, and custody designed to prevent third-party claims. CLARITY codifies a compatible position and, importantly, does not require the joint-release conditions to be satisfied as a matter of definition. The statutory test is administrative-or-ministerial-receipt character and non-discretionary management.</p><p>A well-structured LST satisfies the test. The token represents a pro rata claim on a pool of staked tokens and accruing rewards. The issuer&#8217;s role is limited to running validator infrastructure, accepting deposits, issuing receipt tokens, and processing redemptions according to a predetermined formula. No discretionary management is involved. The rewards flow mechanically from the protocol to the staking contract to the token holders, with the issuer taking a fixed fee from the gross reward stream.</p><p>A poorly-structured LST does not. An LST that confers on the issuer discretionary authority to redirect capital among different chains, to engage in leveraged staking strategies, or to execute MEV-extraction-and-share programs on staked capital is, structurally, an actively-managed pooled investment vehicle. Clause (iii) does not protect it. The administrative-or-ministerial language is the gating test.</p><p>Two structuring implications follow. First, LST issuers who want clause (iii) treatment should design the issuance-and-redemption mechanism to be fully programmatic. The smart contracts should accept ETH, deposit it with predetermined validator operators, and mint stETH or rETH or equivalent in proportion. Discretionary validator selection by the issuer is permissible, but discretionary capital reallocation outside the staking activity is not.</p><p>Second, restaking protocols (EigenLayer and its analogs) sit at the edge of clause (iii). A restaking position involves the staking of an already-staked LST or LRT to secure additional services. The restaker accepts additional slashing risk in exchange for additional reward streams. The restaking layer&#8217;s treatment depends on whether the issuance, transfer, and redemption of the restaking receipt token operates as administrative-or-ministerial receipts of the additional reward stream, or as a more discretionary management of additional risk-reward exposure. The joint SEC-CFTC interpretation expressly declines to address restaking (Release No. 33-11412, footnote 107), which means the SEC&#8217;s eventual rulemaking under &#167;4B(a)(5)(B)(iv)(II) (and any subsequent interpretive release) will carry the analytical weight. The structural answer for a properly-built restaking protocol is that the receipt token tracks a programmatic position with no discretionary management, in which case clause (iii) covers it. But restaking-specific guidance is not yet available, and practitioners structuring restaking offerings should plan for an extended period of interpretive uncertainty.</p><p>The joint release&#8217;s Staking Receipt Token analysis is, however, fully applicable to ordinary (non-restaked) liquid staking. The release treats an SRT that is a receipt for a non-security crypto asset not subject to an investment contract as itself a receipt rather than a security, on the theory that the SRT evidences ownership of the deposited digital commodity (and its accruing rewards) without providing any independent essential managerial efforts. The definition of &#8220;security&#8221; in &#167;2(a)(1) of the Securities Act expressly includes a &#8220;receipt for&#8221; a security, but a receipt for a non-security is not a security. The release reaches this conclusion for both protocol-based liquid staking providers (Lido, Rocket Pool) and third-party liquid staking providers (custodial models with receipt-token issuance), subject to the same custody-and-non-discretion conditions described above for custodial staking. The SRT secondary-market trading is also covered. This is the substantive interpretive piece that practitioners structuring LST offerings have been pressing for since 2022, and it is now in place.</p><h4>Airdrops and the <em>LBRY</em> Problem</h4><p>The <em>LBRY</em> holding deserves attention because it was the high-water mark of the SEC&#8217;s pre-CLARITY airdrop theory. The court held that LBC, distributed through a series of programmatic mechanisms including mining rewards, content-creator rewards, and operating-system airdrops, constituted unregistered securities offers because purchasers had a reasonable expectation of profits from LBRY Inc.&#8217;s ongoing development efforts.</p><p>Under &#167;4B(b)(4)(A), the same fact pattern (programmatic mining rewards, content-creator rewards, operating-system airdrops) is presumptively not a securities offering. Each of the three distribution mechanisms maps onto clause (v) of &#167;4B(a)(5)(B): they are automated, programmatic, protocol-defined, rules-based, and proportionate to verifiable contribution. The non-security presumption applies. To rebut, the SEC would need to establish, against the &#167;4B(b)(4)(B) carve-out, that some anti-fraud or anti-manipulation violation occurred, not merely that the distributions otherwise satisfied <em>Howey</em>.</p><p>The structural shift is that <em>Howey</em> compliance with respect to a gratuitous distribution is now decided by the &#167;4B(b)(4) presumption, not by a fresh four-prong analysis. The four prongs continue to operate as the theoretical foundation; an originator-controlled offering of an ancillary asset in exchange for cash is still an investment contract under &#167;4B(b)(1). But a gratuitous distribution, by statutory presumption, does not satisfy the offer-or-sale element of &#167;5. The case is over.</p><p>The retroactive cleanup in &#167;4B(k)(3) extends the presumption to pre-effective-date gratuitous distributions, foreclosing future SEC enforcement based on historical airdrop conduct, provided the originator complies with the &#167;4B(c)(3) transition disclosure obligations. The <em>LBRY</em> judgment remains as a final adjudication, but no future LBRY-style case can be brought.</p><p>The joint SEC-CFTC release adds a doctrinal layer that runs alongside the statutory presumption. Section VII of Release No. 33-11412 interprets the <em>Howey</em> &#8220;investment of money&#8221; prong with respect to airdrops, concluding that recipients who do not provide money, goods, services, or other consideration to the issuer in exchange for the airdropped non-security crypto asset have not made an &#8220;investment of money,&#8221; and that the <em>Howey</em> test therefore fails at the first prong. The release identifies three illustrative scenarios within the interpretation: an airdrop to existing holders of another specified crypto asset where the issuer does not announce the airdrop before dissemination; an airdrop to users of a testing-environment version of a crypto system after deployment; and an airdrop to users of a related software application based on prior use, where the issuer does not announce the airdrop before dissemination. The release excludes airdrops in which the recipient provides consideration in exchange for the asset (such as a service performed in exchange for the airdrop) or where recipients must fulfill conditions subsequent to the airdrop announcement to receive the asset. For airdrops that fit within the release&#8217;s interpretation, the conclusion that no investment contract is created is independent of CLARITY&#8217;s &#167;4B(b)(4) presumption: the <em>Howey</em> test simply does not apply because one of its required elements is missing. The two frameworks operate in parallel, with the joint release providing the constitutional-and-doctrinal foundation and CLARITY providing the statutory backstop and procedural mechanisms.</p><h4>Practitioner Structuring Takeaways</h4><p>For protocols planning post-CLARITY token launches, the gratuitous-distribution architecture is the most generous channel available. A retroactive airdrop sized to historical on-chain activity, distributed proportionately to objective metrics, with no individualized negotiation and no discretionary &#8220;contributor&#8221; allocations, satisfies clause (v) and receives the &#167;4B(b)(4) non-security presumption. The originator avoids &#167;5 registration, avoids the &#167;4B(d) disclosure menu (which attaches only to ancillary assets, not to gratuitous distributions, and the asset itself can be a network token without ancillary-asset status if its value does not depend on continuing originator efforts), and lands in a posture closer to the pre-2017 ICO-era treatment of community distributions, but with statutory rather than enforcement-discretion support.</p><p>For staking-service operators, the path forward is the &#167;4B(a)(5)(B)(iv) rulemaking. The crypto-industry comment-letter effort will be focused on getting &#8220;administrative or ministerial&#8221; defined broadly enough to cover the operational realities of custodial staking. The traditional-securities-bar position will be that the term should be construed against the issuer in cases of pooled customer assets and aggregated validator selection. Operators should plan for a regulatory line that covers operational custody but does not protect discretionary capital management of staked assets.</p><p>For liquid-staking protocol issuers, the design principle is administrative-or-ministerial-receipt character. Issuance, transfer, and redemption should be programmatic. Discretionary management should be excluded from the issuer&#8217;s role. Fee structures should be fixed and transparent. The Lido and Rocket Pool architectures are within the safe side of the line; any restaking or active-validator-selection design needs to be evaluated against the (iii) standard with care.</p><p>For airdrop designers, the design principle is rules-based proportionate distribution. Snapshot dates, eligibility criteria, and allocation formulas should be objectively measurable and publicly disclosed in advance. Discretionary contributor awards should be moved to a separate program with separate documentation; mixing rules-based and discretionary distributions in a single airdrop transaction is the principal way to lose clause (v) coverage for the entire transaction.</p><p>The &#167;4B(a)(5) framework is, in the aggregate, the most consequential statutory accommodation of post-Ethereum token economics yet enacted. Staking is gratuitous. Airdrops are gratuitous. LSTs are gratuitous receipts. Custodial staking can be gratuitous once the SEC defines administrative-or-ministerial. And the technology-neutral clause means the framework keeps working as the underlying mechanics evolve. The tax treatment of these distributions remains a separate question, sequenced with the tax-article queue covered in Post #16 of this series, but the securities-law treatment is now resolved.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/staking-airdrops-and-the-gratuitous?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/staking-airdrops-and-the-gratuitous?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/staking-airdrops-and-the-gratuitous?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[Software, speech, and the Blockchain ]]></title><description><![CDATA[Regulatory Certainty Act inside CLARITY]]></description><link>https://davidlopezkurtz.substack.com/p/software-speech-and-the-blockchain</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/software-speech-and-the-blockchain</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Mon, 15 Jun 2026 16:03:26 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!q-0d!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>The prosecutions of Roman Storm and Alex Pertsev sat at the center of every digital-asset policy conversation for the three years before CLARITY was engrossed. The U.S. case, United States v. Storm, No. 1:23-cr-00430 (S.D.N.Y.), charged the co-founder of Tornado Cash with conspiracy to commit money laundering and to operate an unlicensed money transmitting business based on his role in developing and publishing the protocol&#8217;s open-source smart-contract code. The Dutch prosecution of Pertsev produced a five-year prison sentence in May 2024 on substantially similar theories. Van Loon v. Department of the Treasury, 122 F.4th 549 (5th Cir. 2024), held in parallel that OFAC could not designate immutable smart-contract addresses under IEEPA because the addresses were not &#8220;property&#8221; capable of being blocked under the statute. The result was a doctrinal split that put publishing source code somewhere between protected First Amendment expression (Bernstein v. United States Department of Justice, 176 F.3d 1132 (9th Cir. 1999); Junger v. Daley, 209 F.3d 481 (6th Cir. 2000)) and a federal felony, depending on what the code did once it was published and whether the publisher could be characterized as still controlling it.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!q-0d!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!q-0d!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png 424w, https://substackcdn.com/image/fetch/$s_!q-0d!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png 848w, https://substackcdn.com/image/fetch/$s_!q-0d!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png 1272w, https://substackcdn.com/image/fetch/$s_!q-0d!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!q-0d!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png" width="1167" height="1512" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1512,&quot;width&quot;:1167,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2922517,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201354934?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!q-0d!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png 424w, https://substackcdn.com/image/fetch/$s_!q-0d!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png 848w, https://substackcdn.com/image/fetch/$s_!q-0d!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png 1272w, https://substackcdn.com/image/fetch/$s_!q-0d!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9cabc62b-35c3-4840-9e52-a8e307453a47_1167x1512.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>Title VI of CLARITY resolves the split in favor of speech. The resolution runs through three operative provisions and one rulemaking direction. &#167;601 amends both the Securities Act and the Exchange Act to immunize a defined list of activities from securities-law liability. &#167;604, which incorporates the Blockchain Regulatory Certainty Act in substance, defines &#8220;non-controlling developer or provider&#8221; and exempts that class from money-transmitter status under 31 U.S.C. &#167; 5330 and 18 U.S.C. &#167; 1960. &#167;605, the Keep Your Coins Act, prohibits federal agencies from restricting self-custody. &#167;301(b)(2)(B), covered in Post #6 of this series, directs the SEC&#8217;s rulemaking on non-DeFi trading protocols to protect the First Amendment rights of software developers, publishers, and users. Read together, they are the most explicit congressional accommodation of code-as-speech doctrine since the Crypto Wars of the 1990s.</p><h4>&#167;601 and the new Securities Act / Exchange Act safe harbors</h4><p>&#167;601(a) inserts a new &#167;27C into the Securities Act of 1933 titled &#8220;Application to Software Developers.&#8221; &#167;601(b) inserts a parallel &#167;15H into the Securities Exchange Act of 1934. Both sections operate as carve-outs. They provide that a person is not subject to the underlying Act, or to the regulations under that Act, &#8220;solely based on&#8221; engaging in any of a defined list of activities, whether singly or in combination, in relation to the operation of a distributed ledger system or any component of it. The lists in &#167;27C(b) and &#167;15H(b) are not identical, and the differences matter.</p><p>The Securities Act &#167;27C(b) safe harbor lists two activity categories. (1) compiling network transactions, relaying, searching, sequencing, validating, or acting in a similar capacity. (2) providing computational work, operating a node or oracle service, or procuring, offering, or utilizing network bandwidth, or providing other similar incidental services. The Securities Act safe harbor stops there. The list maps onto the &#167;301(a)(2)(C)(i) and (ii) activity carve-outs covered in Post #6 of this series, and the drafting parallel is intentional.</p><p>The Exchange Act &#167;15H(b) safe harbor adds a third category: (3) developing, publishing, or constituting a distributed ledger system, or software or systems (including wallets) that facilitate user self-custody. &#8220;Constitute&#8221; is defined in &#167;15H(a)(1) to mean compiling, assembling, integrating, or otherwise combining software components into a complete software system. So the Exchange Act safe harbor protects, in plain English, building or distributing the protocol itself, plus building or distributing wallet software. The Securities Act safe harbor protects only running infrastructure for it. The asymmetry is reasonable: the Exchange Act has historically been the source of the broker, dealer, and exchange registration claims that have been pressed against software publishers, while the Securities Act has been the source of issuer-side registration claims that would not apply to pure development activity in any event.</p><p>Both safe harbors apply &#8220;solely based on&#8221; the listed activity. That phrase is important. It does not immunize a developer who is doing the protected activity plus other unprotected conduct. A developer who publishes a protocol and also operates a custodial business using that protocol is not within the safe harbor for the custodial business. The carve-out tracks the activity, not the actor. A developer who limits her activity to the listed categories cannot be a respondent in a Securities Act or Exchange Act proceeding founded on those activities. A developer whose activities exceed the listed categories has to defend the excess activity on its own terms.</p><p>&#167;15H also incorporates a clarification regime. &#167;15H(d)(1) directs the Commission, through notice-and-comment rulemaking, to clarify the circumstances under which a person engaging solely in one or more of four additional activities, in relation to the operation of a decentralized finance trading protocol or any component, is not subject to the Exchange Act. The four are: (A) providing a user interface that enables a user to read and access data; (B) administering, maintaining, or distributing a decentralized governance system or a decentralized finance trading protocol; (C) administering, maintaining, or distributing a decentralized finance messaging system or operating a smart-contract-based liquidity pool; and (D) administering, maintaining, or distributing software or systems facilitating user self-custody. The clarification rulemaking imports the &#167;15H(d)(2) considerations: consistency with securities-law purposes, applicability of the Lummis-Gillibrand RFIA &#167;108(a), protection of First Amendment rights of developers, publishers, and users, and legal clarity for DLS development.</p><p>&#167;15H(d) is the bridge from the categorical safe harbor in &#167;15H(b) to the activities that surround front-end interface operation, governance facilitation, and liquidity-pool participation. The bill does not categorically immunize those activities. It directs the SEC, instead, to draw lines through rulemaking, with First Amendment compliance as a binding statutory directive. The structural choice is sensible: front-end operators and liquidity-pool participants are closer to the edge of the protected zone than core developers or infrastructure operators, and the lines need to be drawn with attention to operational facts. The &#167;15H(d)(3) rule of construction is also important. It confirms that the Commission has no authority over persons, systems, software, or activities that do not otherwise fall within the Commission&#8217;s jurisdiction under the Exchange Act, and creates no presumption that any activity is subject to the Act.</p><p>&#167;15H(e) preserves the Commission&#8217;s anti-fraud, anti-manipulation, and false-reporting authorities. The &#167;15H(b) and (d) determinations of non-subject status do not extend to those authorities. The point is structurally the same one made in &#167;4B(b)(4)(B) and &#167;4B(h): the offering and registration regime is the regime being immunized. Anti-fraud authority continues to run, on its own terms, against anyone who satisfies the elements of an anti-fraud violation.</p><p>&#167;15H(f) prevents the Commission from leveraging the section to expand its authority over digital commodities or to regulate the &#167;15H(d)(1) activities beyond what existing law permitted. &#167;15H(g)(1) preempts state securities, commodities, and digital-asset laws as applied to the &#167;15H(b) activities, with &#167;15H(g)(2) preserving state AML, anti-fraud, and anti-manipulation authority. The federal-preemption choice for the &#167;15H(b) activities, but not the &#167;15H(d) clarification activities, is deliberate. The categorical safe harbor activities are protected fully, including from state blue-sky enforcement. The clarification-rulemaking activities are protected only to the extent the SEC&#8217;s rule provides protection, and state law may continue to operate in the meantime.</p><h4>&#167;604: BRCA and the money-transmitter line</h4><p>&#167;604 incorporates the Blockchain Regulatory Certainty Act as a discrete subtitle. The substantive provision is &#167;604(c), which states that &#8220;notwithstanding any other provision of law,&#8221; a non-controlling developer or provider shall not be treated as a money transmitting business under 31 U.S.C. &#167; 5330 or as engaged in money transmitting under 18 U.S.C. &#167; 1960, and shall not be subject to any registration requirement substantially similar to those in &#167;&#167; 5330 or 1960, solely on the basis of creating or publishing software, providing hardware or software facilitating customer self-custody, or providing infrastructure support to maintain a distributed ledger service.</p><p>The definitional work in &#167;604(b)(3) is where the law gets decided. A &#8220;non-controlling developer or provider&#8221; is one that, in the regular course of operations, &#8220;does not have the legal right or the unilateral and independent ability to control, initiate upon demand, or effectuate transactions involving digital assets to which users are entitled, without the approval, consent, or direction of any other third party.&#8221; The phrase tracks the structural test the Fifth Circuit applied in <em>Van Loon</em> to the Tornado Cash smart contracts. The court held that immutable smart contracts were not &#8220;property&#8221; capable of being blocked under IEEPA because no one had the ability to control them. &#167;604(b)(3) takes the same control-in-fact concept and applies it as a statutory test for BSA money-transmitter exposure.</p><p>Three structural elements deserve attention. First, the test is conjunctive on its enumerated dimensions (&#8221;control, initiate upon demand, or effectuate&#8221;). A developer who lacks the ability to do any of these things on her own is non-controlling. A developer who has the ability to do any one of them is controlling. Second, the inability must be operational, not contractual. The phrase &#8220;in the regular course of operations&#8221; means that a developer with a theoretical legal right to control that she does not exercise is still controlling if she could exercise it. The test is functional. Third, the consent of a third party defeats independent control. A developer who can only act with the consent of a multisig she does not control, or only at the direction of a DAO vote she does not control, is non-controlling. This is the structural exit for protocol teams that have migrated upgrade authority to DAOs.</p><p>&#167;604(d) clarifies that the safe harbor does not extend to a person who acts &#8220;with the specific intent to transfer, on behalf of another person, funds that are known... to be derived from a criminal offense or intended to be used to promote or support unlawful activity.&#8221; That language tracks 18 U.S.C. &#167; 1960(b)(1)(C) and the <em>United States v. Velastegui</em> line on knowing and intentional unlicensed money-transmission liability. The point is that the &#167;604(c) safe harbor protects publishing and infrastructure activity; it does not protect knowing facilitation of criminal money movement. A developer who builds a mixer with the specific intent to launder criminal proceeds is still exposed under &#167;1960(b)(1)(C) even if she meets the structural non-controlling test.</p><p>&#167;604(e) is the conduct-based residual. It preserves application of money-transmitter classification based on conduct outside the scope of &#167;604(c). A developer who is non-controlling with respect to the protocol but also operates a custodial exchange remains subject to BSA classification as to the exchange activity. The carve-out tracks activity, again, and follows the same architectural pattern as &#167;15H(b) and &#167;301(a)(2)(C).</p><p>The interaction with FinCEN&#8217;s 2019 guidance is direct. FIN-2019-G001 already drew a similar line, exempting from money-transmitter status persons providing &#8220;anonymizing software&#8221; but treating as money transmitters persons providing &#8220;anonymizing services&#8221; with control over user funds. &#167;604(b)(3) codifies the control-in-fact line and overrides any FinCEN interpretive position that would treat a non-controlling developer or provider as a money transmitter. FinCEN&#8217;s existing guidance on developers of unhosted-wallet software, mining-pool operators, and protocol publishers is now interpretive support for, rather than independent authority over, the &#167;604 line.</p><h4>&#167;605: self-custody as a federal right</h4><p>&#167;605 is the Keep Your Coins Act. The operative provision is &#167;605(c): a federal agency may not prohibit, restrict, or otherwise impair the ability of a covered user to self-custody digital assets using a self-hosted wallet or other means to conduct transactions for any lawful purpose. A &#8220;covered user&#8221; is defined in &#167;605(b)(1) as a U.S. individual who obtains digital assets to purchase goods or services on behalf of that individual, without regard to the method of acquisition. A &#8220;self-hosted wallet&#8221; is defined in &#167;605(b)(2) as a digital interface used to secure and transfer digital assets where the owner retains independent control.</p><p>The provision operates as a statutory bar on federal-agency action restricting self-custody. The 2020 FinCEN NPRM (Notice 2020-CVC-2), which proposed reporting and recordkeeping requirements for unhosted wallet transactions, is foreclosed in the form it took. The IRS Final Regulations on Broker Reporting, T.D. 10000, which extended Form 1099-DA reporting to certain unhosted-wallet intermediaries, would need to be re-evaluated under &#167;605 to the extent any provision could be characterized as restricting individuals from self-custody for the purchase of goods or services. The provision does not preempt state law (state AML and state consumer-protection authorities remain operative), and it does not bar lawful enforcement under existing federal authority.</p><p>&#167;605(d) preserves federal-agency enforcement authority under the Bank Secrecy Act, the Combating Russian Money Laundering Act &#167;9714, the Fentanyl Sanctions Act &#167;7213A, and any other law relating to illicit finance, money laundering, terrorism financing, or U.S. sanctions. The drafting choice is to immunize ordinary self-custody activity by individuals, while preserving the enforcement authorities that target unlawful activity. The line is narrower than some self-custody advocates wanted, but it is broad enough to take the 2020 FinCEN NPRM, and any successor proposal in that form, off the table.</p><h4>&#167;301(b)(2)(B) and the First Amendment as binding directive</h4><p>&#167;301(b)(2)(B), covered in Post #6 of this series, directs the Commission to &#8220;protect the rights of software developers, publishers, and users to create, publish, and use code and software in a manner consistent with the First Amendment to the Constitution of the United States.&#8221; The directive is binding on the &#167;301 rulemaking and, through cross-reference, on the &#167;15H(d) clarification rulemaking. The same First Amendment compliance directive recurs in &#167;15H(d)(2)(C).</p><p>The legal substance of the directive is <em>Bernstein</em> and <em>Junger</em>. Both circuits held that source code is expressive speech subject to First Amendment protection, and that prepublication restraints on source-code publication are subject to strict scrutiny. <em>Bernstein</em>, 176 F.3d at 1140-46; <em>Junger</em>, 209 F.3d at 484-85. The doctrinal posture has been stable for twenty-five years, but the Tornado Cash prosecutions tested it under contemporary money-transmitter and OFAC theories. The Fifth Circuit in <em>Van Loon</em> reached the OFAC question and held that immutable smart contracts were not &#8220;property&#8221; capable of being blocked. The criminal prosecutions of Storm and Pertsev pressed past the First Amendment defense on the theory that the developers were not merely publishing code but operating the resulting protocol. CLARITY codifies a line that tracks the Fifth Circuit&#8217;s reasoning and preempts the prosecutorial theory that conduct adjacent to publication can be reached on a code-equals-conduct basis.</p><p>Three points about how the directive operates. First, the directive is binding on agency rulemaking, not on the agency in litigation. The SEC and Treasury can still bring enforcement actions that would have been brought under existing law against persons whose conduct exceeds publishing and operating infrastructure. What they cannot do is promulgate rules that themselves restrict the protected activity. The directive is structural, not adjudicative. Second, the directive is enforceable through the Administrative Procedure Act. A rule that fails to comply with the First Amendment directive is &#8220;not in accordance with law&#8221; under 5 U.S.C. &#167; 706(2)(A) and can be set aside. Third, the directive is paired with the &#167;604 categorical safe harbor and the &#167;605 self-custody right. A First Amendment violation by an agency would, in many cases, also be a &#167;604 or &#167;605 violation. The directive operates as a backstop to the categorical provisions, not as the sole protection for the protected activity.</p><h4>What the Tornado Cash defendants would have under CLARITY</h4><p>Roman Storm was charged with conspiracy to commit money laundering under 18 U.S.C. &#167; 1956(h), conspiracy to operate an unlicensed money transmitting business under 18 U.S.C. &#167; 1960, and conspiracy to violate IEEPA under 50 U.S.C. &#167; 1705. The &#167;1960 count is the one most directly affected by &#167;604.</p><p>Storm&#8217;s defense, in substance, was that he was a software developer who published open-source code and that the code, once published, ran without his ability to control it. The Department of Justice&#8217;s theory was that Storm and his co-defendants continued to operate the Tornado Cash front-end, maintained relay infrastructure, and were paid by the protocol&#8217;s token economics in ways that constituted operation, not just publication. The factual question of how much operational control Storm retained is for the jury. The legal question of whether non-controlling-developer status is a defense to &#167;1960 is for the court.</p><p>Under &#167;604(c), if Storm met the &#167;604(b)(3) non-controlling test for the relevant activity, the &#167;1960 charge based on that activity could not proceed. Whether he met the test is fact-specific. The protocol&#8217;s smart contracts are immutable; the relay network was, as a structural matter, an open infrastructure layer that anyone could run; the front-end was open-source and forkable. On those facts, a substantial portion of the &#167;1960 charge would not survive the &#167;604(c) safe harbor. The &#167;604(d) intent carve-out preserves prosecution to the extent the government can prove specific intent to transfer criminally derived funds, but that is a meaningfully higher evidentiary standard than the general money-transmitter theory of liability the government pressed at trial.</p><p>The IEEPA charge sits outside &#167;604 and is unaffected directly. The OFAC designations of Tornado Cash smart-contract addresses were withdrawn by Treasury in March 2025 following <em>Van Loon</em>. Whatever criminal exposure remains under the IEEPA theory is a function of whether the defendants knowingly transacted with sanctioned addresses during the period the designations were in effect, which is a question independent of the &#167;604 safe harbor.</p><p>The &#167;1956 money-laundering charge requires proof of intent to conceal or to promote unlawful activity. &#167;604(d) confirms that the safe harbor does not reach intentional money laundering. The &#167;1956(h) charge survives on its own elements, but its application to publishing and infrastructure activity is constrained by the &#167;604(c) categorical immunity for the publishing and infrastructure conduct itself.</p><p>The structural shift is what matters. Under existing law, a developer of an immutable mixer protocol faced the same nominal exposure as the operator of a custodial mixing service, with the defense to be litigated case-by-case. Under &#167;604 and &#167;605, the developer of an immutable mixer protocol is not a money transmitter under &#167;5330 or &#167;1960 by reason of the publication, and the user of that protocol cannot be restricted by federal-agency rulemaking from self-custodying her own funds and using the protocol for lawful purposes. The unlawful-purpose conduct remains prosecutable on the unlawful-purpose elements. The publishing and self-custody conduct does not.</p><p>The takeaway is the one Coin Center has been articulating for years. Code is speech. Publishing is protected. Self-custody is a right. Conduct that exceeds publication, infrastructure operation, and self-custody remains regulable on its own terms. CLARITY does not invent any of this; it codifies what the constitutional doctrine has said since 1999, with the operational definitions that the criminal-law and BSA enforcement regimes have lacked. The cost of getting these provisions through Congress was the &#167;305 temporary-hold regime and the &#167;307 monetary-instrument amendment covered in Posts #14 and #15. Whether the trade was worth it is a separate question. But the protections that did make it into Title VI are, on their face, the most substantial statutory accommodation of code-as-speech doctrine in the history of U.S. financial regulation.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/software-speech-and-the-blockchain?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/software-speech-and-the-blockchain?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/software-speech-and-the-blockchain?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[The (Non)Decentralized Trading Protocol]]></title><description><![CDATA[&#167;301 and the new line between Uniswap and Coinbase]]></description><link>https://davidlopezkurtz.substack.com/p/the-nondecentralized-trading-protocol</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/the-nondecentralized-trading-protocol</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Fri, 12 Jun 2026 16:02:54 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!Gkou!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>Every lawyer working in this space since 2021 has been asked the same question at least once: where exactly is the line? The SEC&#8217;s view, articulated through the Wells notice to Uniswap Labs in April 2024 and the SEC v. Coinbase exchange-registration theory, was that the line might not exist as a useful concept at all. Anything that matched a buyer to a seller in a digital asset was potentially an unregistered exchange, broker, or clearing agency, and the question of whether the matching was done by code or by a human dealer was a detail rather than a distinction. The other view, quietly endorsed by the CFTC&#8217;s Ooki DAO consent order to the extent it implicitly conceded the inverse case, was that a protocol that executes solely under pre-encoded rules without an intermediating person is not the kind of thing the Exchange Act was drafted to capture.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Gkou!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Gkou!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png 424w, https://substackcdn.com/image/fetch/$s_!Gkou!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png 848w, https://substackcdn.com/image/fetch/$s_!Gkou!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png 1272w, https://substackcdn.com/image/fetch/$s_!Gkou!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Gkou!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png" width="1129" height="876" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:876,&quot;width&quot;:1129,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1987072,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201351377?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!Gkou!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png 424w, https://substackcdn.com/image/fetch/$s_!Gkou!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png 848w, https://substackcdn.com/image/fetch/$s_!Gkou!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png 1272w, https://substackcdn.com/image/fetch/$s_!Gkou!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F212d5b16-b4c8-4ef8-bb9b-97bc539b5493_1129x876.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>&#167;301 of the engrossed Senate substitute draws the line. It does so without using the word &#8220;DeFi&#8221; as a regulatory category and without granting blanket immunity to anything that wears the name. The drafting move is structurally similar to the &#167;4B move covered in Post #2 of this series. <em>Howey</em> survives as a routing test rather than a substantive trigger; the Exchange Act survives as a regime for &#8220;non-decentralized finance trading protocols&#8221; that meet a three-prong test, with an explicit list of activities that do not, by themselves, push a protocol into that bucket. The third prong of the test, and the activity carve-out list, are where the practitioner work lives. Everything else is plumbing.</p><h4>The Three-prong Test</h4><p>&#167;301(a)(1) starts with a definition wide enough to include almost every venue practitioners think of as DeFi. A &#8220;decentralized finance trading protocol&#8221; is a distributed ledger system through which multiple participants can execute a financial transaction in accordance with an automated rule or algorithm that is predetermined and non-discretionary, and without reliance on a person other than the user to maintain custody or control of any digital assets subject to the financial transaction. Two structural elements. The execution is rule-bound rather than discretionary. The custody runs through user-controlled wallets rather than through an intermediary&#8217;s omnibus account. Uniswap&#8217;s automated market maker satisfies both. Curve, Balancer, Aerodrome, GMX&#8217;s perpetuals engine, dYdX v4, and the Cosmos chain on which dYdX v4 lives all satisfy both. So does a much wider universe of orderbook DEXs, RFQ systems, and intent-based settlement protocols, provided that custody never passes to a third party at any step in the execution path.</p><p>That baseline definition is then put into productive tension with &#167;301(a)(2), which defines &#8220;non-decentralized finance trading protocol&#8221; as a DeFi trading protocol that meets one or more of three conditions. The protocol is non-DeFi if a common-control person or in-concert group has the authority, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, to control or materially alter the functionality, operation, or rules of consensus or agreement of the protocol. &#167;301(a)(2)(A)(i). Or if the protocol does not operate, execute, and enforce its operations and transactions based solely on pre-established, transparent rules encoded directly within the source code of the distributed ledger system. &#167;301(a)(2)(A)(ii). Or if a common-control group has the authority, via operation of the protocol, to restrict, censor, or prohibit use of the protocol, including any applicable system-based user activity. &#167;301(a)(2)(A)(iii).</p><p>The disjunctive &#8220;or&#8221; is doing the work. Any one of the three is enough to flip the protocol out of the safe DeFi bucket and into the bucket that triggers SEC Exchange Act registration plus Bank Secrecy Act obligations, to the extent the Commission&#8217;s &#167;301(b) rulemaking determines that applicable requirements are triggered. Practitioners need to walk each prong carefully against the actual operational facts of any protocol they advise.</p><ul><li><p>Prong (i) is the control-in-fact test. It is intentionally broad. &#8220;Any contract, arrangement, understanding, relationship, or otherwise&#8221; tracks the &#167;3(a)(9) common-control language in the Exchange Act and the analogous attribution rules under 17 C.F.R. &#167; 240.13d-3. A protocol whose smart contracts can be upgraded by an admin key held by a labs entity is captured. A protocol whose parameters can be changed unilaterally by a multisig outside of any governance vote is captured. The harder cases involve hybrid governance: a DAO that votes, but where the labs entity holds the timelock and has historically pushed through proposals the team favored. The drafting question is whether the team has authority &#8220;directly or indirectly&#8221; through the chain of custody from proposal to execution. If the answer is yes on any link, the protocol is non-DeFi under (i). The &#167;301(f)(1) special rule on decentralized governance systems, which I will come to, takes the DGS itself out of the common-control calculus, but does not save a protocol whose governance is nominally DAO-run but operationally team-controlled.</p></li><li><p>Prong (ii) is the source-code test. The protocol must operate, execute, and enforce solely on pre-established, transparent rules encoded directly in source code. The word &#8220;solely&#8221; is operative. A protocol with a single off-chain RFQ component that intermediates pricing fails (ii). A protocol with an off-chain solver network where solvers are themselves running open-source clients on user-controlled signing keys probably does not, although the line gets fuzzy when solvers are paid through a permissioned auction system run by the labs entity. The Across, CowSwap, and UniswapX solver designs each raise this question in slightly different forms. Counsel structuring intent-based protocols should be designing the solver auction to live on-chain or to operate under open-access rules; closed solver sets controlled by the protocol team risk failing (ii).</p></li><li><p>Prong (iii) is the censorship test. It asks whether a common-control group has authority, via operation of the protocol, to restrict, censor, or prohibit use, including any applicable system-based user activity. The &#8220;via operation of the protocol&#8221; qualifier is important. Front-end interfaces that filter OFAC-sanctioned addresses do not, on a straight reading, satisfy (iii) because they do not operate via the protocol; they operate via a separate web application that points at the protocol. The protocol itself remains permissionless. <em>Van Buren v. United States</em>, 593 U.S. 374 (2021), is not directly analogous, but the structural distinction between an access control imposed at the application layer and one imposed at the protocol layer maps onto the same fact pattern. The harder version of (iii) is the hard-coded blocklist. A protocol whose smart contracts check a sanctions oracle and revert transactions from sanctioned addresses operates censorship &#8220;via operation of the protocol.&#8221; If the censorship authority sits with a common-control group, even a group that updates the oracle infrequently and only in response to law-enforcement requests, (iii) is satisfied. The Tornado Cash OFAC designation arc (the August 8, 2022 SDN listing of smart-contract addresses, the Coin Center and <em>Van Loon v. Department of the Treasury</em> litigation culminating in 122 F.4th 549 (5th Cir. 2024), and the March 2025 OFAC withdrawal) is the policy backdrop. CLARITY&#8217;s drafters were aware of it. The bill draws the line so that protocols whose contracts are immutable and whose censorship, if any, occurs at the front-end layer remain DeFi.</p></li></ul><p>&#167;301(a)(2)(B) inserts the DGS rule. A decentralized governance system, solely by virtue of its operation, is not a person or group of persons under common control or acting in concert. This carve-out flows from &#167;2(5) and Post #5 of this series. The DGS itself does not satisfy any of the three prongs simply by existing. A protocol controlled by a properly-constituted DGS is, on the face of the statute, a DeFi trading protocol, not a non-DeFi one. The harder question is whether the DGS itself satisfies &#167;2(5), and that is where the centralized-management exclusion does work.</p><h4>The Activity Carve-Outs</h4><p>&#167;301(a)(2)(C) is the practitioner-actionable core of the section. It excludes a list of activities from the definition of &#8220;non-decentralized finance trading protocol,&#8221; whether engaged in singly or in combination, in relation to the operation of a distributed ledger system or any component of one. The list runs to three clauses but covers the bulk of the infrastructure stack on which any modern protocol depends.</p><p>Clause (i) covers compiling network transactions, relaying, searching, sequencing, validating, or acting in a similar capacity. That language is comprehensive. It immunizes block builders (Flashbots and its competitors), relays (mev-boost), MEV searchers, validators (Ethereum, Solana, and every L1 validator economy), and sequencers (the centralized sequencer Arbitrum and Optimism currently run, and the decentralized sequencer designs both networks are moving toward). The &#8220;similar capacity&#8221; residual is meant to catch the next generation of mempool and ordering services that have not been invented yet. A practitioner advising a sequencer-operator client whose sequencer is centralized today but is the only consensus mechanism for an L2 rollup gets the answer from (i): the sequencer activity, in itself, does not push the rollup or its component into non-DeFi status. That is a meaningful change from how some of the more aggressive Exchange Act enforcement theories would have treated the same facts.</p><p>Clause (ii) covers providing computational work, operating a node or oracle service, or procuring, offering, or utilizing network bandwidth, or providing other similar incidental services. Oracle providers (Chainlink, Pyth, RedStone, Switchboard) get an explicit safe harbor. Node operators, RPC providers (Alchemy, Infura, QuickNode), and bandwidth providers do too. The &#8220;computational work&#8221; clause covers proof-of-work miners, ZK provers, and the emerging class of agent-as-a-service operators who run inference compute against on-chain prompts and pay-per-call markets. Anything that looks like infrastructure underneath the protocol is on the safe side of the line.</p><p>Clause (iii) is the incident-response and security-council carve-out, cross-referenced to &#167;301(f). Practitioners coming from &#167;104 will recognize the language; the &#167;301 carve-out tracks the &#167;104(b)(3)(C) cybersecurity emergency-measures safe harbor with parallel mechanics. The council must operate pursuant to pre-defined, temporary, rules-based authority, in response to a specific and documented cybersecurity incident or imminent threat, under publicly disclosed, on-chain authorization mechanisms, strictly limited in scope and duration to the incident, and without unilateral control by any single person. The procedural mechanism must be disclosed in publicly available written documentation reasonably available to the applicable Federal regulator sufficiently in advance of any exercise. &#167;301(f)(2)(A). And the emergency authority cannot be used to push through protocol upgrades, governance decisions, or economic changes unrelated to the cybersecurity incident. &#167;301(f)(2)(B).</p><p>The relationship between (i), (ii), and (iii) deserves attention. The three clauses are listed disjunctively (&#8220;whether singly or in combination&#8221;), which means an entity engaged in multiple safe-harbored activities does not lose the carve-out by virtue of doing more than one. A validator that also operates an oracle and serves on a security council remains within the safe harbor for all three activities. The &#8220;in relation to the operation of a distributed ledger system&#8221; qualifier is, however, important. It means the carve-outs apply only to activity directed at the operation of the DLS or its components, not to ancillary financial services unrelated to DLS operation. A node operator that also runs a custodial exchange does not get the (i) carve-out for its custodial-exchange activity. The carve-outs are activity-based and apply activity by activity.</p><h4>&#167;301(b)(2)(B) and the First Amendment hook</h4><p>&#167;301(b)(2) sets out the substantive requirements for the SEC&#8217;s rulemaking under &#167;301(b)(1). Three of the four are unsurprising. (A) requires consistency with the public-interest, investor-protection, and orderly-market purposes of the securities laws. (C) requires legal clarity for development, publication, and operation of distributed ledger systems and their components. (D) directs Treasury enforcement of AML/CFT obligations to the extent applicable under existing law, which is to say that the Commission&#8217;s &#167;301 rulemaking is the vehicle through which Bank Secrecy Act obligations attach to non-DeFi trading protocols once the SEC identifies them.</p><p>(B) is the constitutional hook. The rules must protect the rights of software developers, publishers, and users to create, publish, and use code and software in a manner consistent with the First Amendment to the Constitution of the United States. That language is not a vague injunction. It is a specific directive that the Commission&#8217;s rulemaking comply with the constitutional doctrine articulated in <em>Bernstein v. United States Department of Justice</em>, 176 F.3d 1132 (9th Cir. 1999), and <em>Junger v. Daley</em>, 209 F.3d 481 (6th Cir. 2000): source code is expressive speech, and prepublication restraints on its publication are subject to strict scrutiny. Post #7 of this series picks up the &#167;601, &#167;604, and &#167;605 package that operationalizes the same First Amendment commitment for non-controlling developers, the Bank Secrecy Act money-transmitter definition, and self-custody, respectively. For &#167;301 purposes, what matters is that the Commission&#8217;s eventual rule cannot directly or indirectly require registration of source code, distributed ledger systems as such, or non-controlling developers and publishers. &#167;301(d)(1) reinforces the prohibition: nothing in the section, or in any rule adopted under it, can be construed to require a distributed ledger system or any software code to register with the Commission in its own capacity, or to prohibit the launch, deployment, or operation of a DLS. &#167;301(d)(2)(B) reinforces it again with a cross-reference to the &#167;604(b)(3) non-controlling-developer definition. The Commission has no authority over non-controlling developers and providers under &#167;301, and any rule that purported to reach them would be vulnerable on both statutory and constitutional grounds.</p><p>The intra-bill cross-reference matters. &#167;604(b)(3) defines a &#8220;non-controlling developer or provider&#8221; as one without &#8220;the legal right or the unilateral and independent ability to control, initiate upon demand, or effectuate transactions involving digital assets to which users are entitled.&#8221; The phrase tracks the structural functional-control test that the Fifth Circuit applied in <em>Van Loon</em> to conclude that Tornado Cash&#8217;s immutable smart contracts were not &#8220;property&#8221; subject to OFAC blocking authority. CLARITY codifies the <em>Van Loon</em> analytical move and routes it through the &#167;301 rulemaking process, ensuring that the line between protocol operator (controllable, regulable) and protocol publisher (not controllable, not regulable) becomes a structural constraint on agency action rather than a constitutional question litigated post hoc.</p><h4>&#167;301(c), Activity-based Application, and the Death of Form-Over-Substance</h4><p>&#167;301(c) is short but doctrinally important. Rules adopted under &#167;301(b)(1) must determine the applicable requirements only with respect to securities-related activities, based on the functions performed by the controlling person or group of persons, including brokerage, dealing, trading, execution, clearing, or custody of securities, without regard to technological form, distributed architecture, or purportedly decentralized characterization.</p><p>That second clause is the kicker. The activity-based test runs in both directions. A protocol whose operators perform brokerage, dealing, or custody functions cannot escape registration by labeling itself decentralized. The &#8220;purportedly decentralized characterization&#8221; phrase is a direct response to the &#8220;we are just software&#8221; defense that was floated, with mixed results, in cases like <em>SEC v. Coinbase</em> and the Uniswap Wells correspondence. Distributed architecture, on its own, is not a defense to control-in-fact. But the inverse is also true: a protocol whose operations consist solely of the &#167;301(a)(2)(C) carve-out activities is not pulled into the regime simply because some of its participants perform broker-like functions. Activity is the test. The technological wrapper is not.</p><p>&#167;301(c) operates as a doctrinal check on both the agency and the regulated parties. The SEC cannot push a &#8220;decentralized&#8221; label as a sufficient defense. It also cannot use &#8220;centralized in some respect&#8221; as a sufficient trigger. The functions actually performed by the controlling persons or groups have to be securities-related under the existing statutory tests in &#167;3(a)(4), &#167;3(a)(5), and &#167;3(a)(11) of the Exchange Act. If they are, the activity-based application of existing requirements follows. If they are not, the &#167;301 regime does not reach the conduct.</p><p>This produces a workable line for the most common edge cases. A protocol team that runs a centralized RPC service for user convenience but does not direct or settle transactions is engaged in (ii) activity, not securities-related activity. A protocol team that operates a closed solver network with discretionary order routing engages in conduct that looks like brokerage in fact, and the activity-based application brings it under the regime, regardless of how the surrounding protocol is structured. A foundation that runs a treasury and a grants program but does not maintain custody of user assets or execute user-facing trades is not engaged in covered activity, and &#167;301 does not reach it.</p><h4>Comparing the FinCEN and FATF Lines</h4><p>The &#167;301 test is not the only line that matters for DeFi practitioners. FinCEN&#8217;s 2019 guidance, FIN-2019-G001, <em>Application of FinCEN&#8217;s Regulations to Certain Business Models Involving Convertible Virtual Currencies</em> (May 9, 2019), draws its own line for money-transmitter status, asking whether the operator has independent control over user funds. FATF Recommendation 15 and its 2019 and 2021 guidance on virtual asset service providers (VASPs) draw an internationally harmonized line that captures any &#8220;natural or legal person... that conducts one or more of the following activities or operations for or on behalf of another natural or legal person,&#8221; including transfer of virtual assets, exchange between virtual assets and fiat, and safekeeping.</p><p>&#167;301 and FinCEN&#8217;s 2019 guidance run on parallel tracks. Both ask whether the protocol operator has functional control over user assets. The &#167;301(a)(1) custody prong (no reliance on a person other than the user to maintain custody or control) is structurally similar to FinCEN&#8217;s &#8220;independent control&#8221; test in FIN-2019-G001. A protocol that satisfies &#167;301(a)(1) baseline ordinarily satisfies the FinCEN safe side as well. The &#167;301(a)(2)(A) non-DeFi triggers, however, are more granular than the FinCEN guidance, and the &#167;301(b)(3)(B) BSA-rulemaking direction explicitly authorizes Treasury to draw additional lines through tailored rules. Practitioners should expect FinCEN guidance to be updated post-enactment to track the &#167;301 framework.</p><p>The FATF VASP definition is broader than either &#167;301 or FinCEN, and is the source of much of the international compliance friction. FATF&#8217;s 2021 updated guidance suggested that DeFi protocol developers could be VASPs if they exercised &#8220;control or sufficient influence.&#8221; CLARITY&#8217;s drafters were aware of the friction; &#167;507 of the bill, on international coordination, directs Treasury to engage with FATF and other multilateral bodies on harmonization. But the U.S. domestic line is now &#167;301. The activity-based application of the existing FinCEN money-transmitter definition will track &#167;301 outcomes, not FATF&#8217;s broader VASP concept. That is a meaningful divergence and will produce some cross-border friction for U.S.-domiciled DeFi developers operating in FATF-compliant jurisdictions abroad.</p><h4>Structuring Choices that Preserve Decentralized Status</h4><p>The &#167;301 framework rewards structural commitment over branding. A protocol that satisfies &#167;301(a)(1) at the architectural layer and avoids all three non-DeFi triggers under &#167;301(a)(2)(A) stays in the safe bucket.</p><ul><li><p><em>First</em>, ship immutable contracts where possible, and where upgradeability is required, route upgrade authority through a properly-constituted DGS with public, on-chain governance, not through an admin key held by a labs entity. The &#167;301(a)(2)(A)(i) common-control prong does not bite if the only authority to alter the protocol runs through a DGS that satisfies &#167;2(5).</p></li><li><p><em>Second</em>, do not embed censorship logic in the protocol layer. Front-end OFAC screening does not implicate &#167;301(a)(2)(A)(iii). Smart-contract sanctions-oracle checks controlled by a common-control group do. The structural choice is to keep censorship at the application layer, where it is run by the operator of the front-end and not by the protocol itself.</p></li><li><p><em>Third</em>, on solver networks, intent-based protocols, and RFQ systems, the &#167;301(a)(2)(A)(ii) source-code test requires that the off-chain components operate under transparent rules. Closed, discretionary solver sets are a problem. Open-access solver networks running standardized client software, with auction mechanics that are themselves transparent, are not.</p></li><li><p><em>Fourth</em>, document the structure. The &#167;301(b)(1) rulemaking will, like the &#167;104(d) and &#167;4B(b)(5) certification regimes elsewhere in the bill, run on disclosure and documentation. A protocol whose governance, upgrade authority, custody architecture, and emergency-response procedures are publicly disclosed in on-chain documentation, governance forum posts, and project README files is in a substantially better position than one whose structure must be reverse-engineered from contract bytecode.</p></li><li><p><em>Fifth</em>, anticipate the activity-based test in &#167;301(c). A controlling person whose activities are limited to publishing software, operating infrastructure within the &#167;301(a)(2)(C) carve-outs, and participating in governance is not engaged in securities-related activity. A controlling person who routes user orders, takes custody, or sets prices in a discretionary capacity is. The structural choice is to keep the labs entity, the foundation, and the development team out of the trade execution path entirely.</p></li></ul><p>The takeaway is that &#167;301 produces a workable, structurally coherent line that was not available under any prior agency interpretation. The line tracks the underlying economic reality of who controls the protocol and what activities they perform, rather than reading from the surface presentation of &#8220;decentralized&#8221; branding or, conversely, the agency-level intuition that anything involving software must be a sophisticated form of intermediation. <em>SEC v. Coinbase</em> on the exchange-registration theory cannot survive in its prior form after &#167;301. The Uniswap Wells correspondence is moot. The harder question is what happens to the protocols whose actual operational structure puts them on the wrong side of the line, and the answer is straightforward. They register, or they restructure. The bill is candid about which protocols are which.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/the-nondecentralized-trading-protocol?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/the-nondecentralized-trading-protocol?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/the-nondecentralized-trading-protocol?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[DAOs as Legal Persons]]></title><description><![CDATA[Decentralized Governance Systems as Separate Legal Entities Under CLARITY]]></description><link>https://davidlopezkurtz.substack.com/p/daos-as-legal-persons</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/daos-as-legal-persons</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Wed, 10 Jun 2026 16:01:23 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!yV3g!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>To date, the question whether a token holder who voted in a protocol governance proposal was a general partner of her co-voters had a real and unpleasant answer. The leading authority, Sarcuni v. bZx DAO, 664 F. Supp. 3d 1100 (S.D. Cal. 2023), held that members of a DAO could function as a general partnership under California law because they had associated to carry on a business for profit. Joint and several liability followed. The CFTC took the same theory to its logical end in CFTC v. Ooki DAO, No. 2:22-cv-05416 (N.D. Cal. 2023), serving the DAO via chatbot in its own help forum and obtaining a default judgment against it as an unincorporated association. The cumulative message to anyone who had ever submitted a YES vote on a Compound or Uniswap parameter change was bleak: under existing state and federal default rules, you were potentially a co-principal in whatever your protocol did next.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!yV3g!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!yV3g!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png 424w, https://substackcdn.com/image/fetch/$s_!yV3g!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png 848w, https://substackcdn.com/image/fetch/$s_!yV3g!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png 1272w, https://substackcdn.com/image/fetch/$s_!yV3g!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!yV3g!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png" width="1456" height="1128" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1128,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:3049367,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201343458?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!yV3g!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png 424w, https://substackcdn.com/image/fetch/$s_!yV3g!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png 848w, https://substackcdn.com/image/fetch/$s_!yV3g!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png 1272w, https://substackcdn.com/image/fetch/$s_!yV3g!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4e99ddc4-20bf-4d40-9d28-ce46c6827dd9_1527x1183.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>The architecture frame established in <a href="https://davidlopezkurtz.substack.com/p/the-architecture-of-clarity">Post #1</a> treated CLARITY&#8217;s reroute around <em>Howey</em> as a four-cornered structure: the trichotomy of network token, ancillary asset, and digital commodity; the &#167;4B disclosure-only regime; the &#167;104 coordinated-control test; and the decentralized governance system as a separate legal person. This post is on that fourth corner. Section 2(5) does an outsized amount of doctrinal work in roughly twenty-five lines. It overrides <em>Sarcuni</em>. It overrides <em>Ooki DAO</em>. It overrides the Restatement (Second) of Torts &#167; 876 (acting in concert) theory as applied to governance participation. And it does so without inventing a new federal entity form, by accommodating the state-law wrappers that practitioners have spent four years building.</p><h4>What &#167;2(5) actually says</h4><p>The definition has four moving parts. Subparagraph (A) defines a decentralized governance system as a &#8220;transparent, rules-based system permitting persons to form consensus or reach agreement in the development, provision, publication, maintenance, or administration of the distributed ledger system, in which participation is not limited to, or under the control of, any person or group of persons under common control.&#8221; Four elements: transparency, rules-based operation, the formation of consensus or agreement around development or operation of the ledger, and open participation outside the control of a common-control group.</p><p>The transparency requirement does light work but matters at the margins. A DGS whose rules cannot be observed or whose voting outcomes cannot be verified will not qualify. The rules-based element is the more substantive constraint: discretionary governance, where a small group can act outside any predefined rule, fails the test. The open-participation requirement is where the bill draws the practical line between something that looks like a DAO and something that looks like a private club whose token holders happen to vote.</p><p>Subparagraph (B) is the doctrinal payoff. With respect to a DGS, &#8220;the decentralized governance system and any persons participating in the decentralized governance system shall be treated as separate persons unless those persons are under common control or acting pursuant to an agreement to act in concert.&#8221; This is direct legislative overruling of the <em>Sarcuni</em> default rule. Mere participation, including voting, no longer triggers the general-partnership inference. Joint and several liability does not attach by default. The DGS has its own legal personality (within the four corners of this Act), and the participants are separate from it.</p><p>Subparagraph (D) reinforces this in slightly different language: &#8220;a decentralized governance system shall not be deemed to be a person or a group of persons acting under common control.&#8221; Where (B) addresses the relationship between the DGS and its participants, (D) addresses the DGS itself, vis-&#224;-vis the rest of the statute. The two provisions are reconcilable. The DGS is a &#8220;person&#8221; for the purpose of being separate from its participants. It is not a &#8220;person or group of persons under common control&#8221; for the purpose of any regulatory test that turns on that phrase. Wherever &#8220;person&#8221; or &#8220;common control&#8221; is the operative trigger in the rest of the bill, the DGS slides outside the test. This is the mechanism by which DGS treatment flows through to &#167;4B network-token classification, &#167;104 coordinated control, &#167;301 trading-protocol status, and the &#167;2(13) related-person definition. Cross-references in section three.</p><p>Two things subparagraph (B) does not do are worth noting. First, it does not override common-control or in-concert findings where they actually exist. If a group of insiders coordinates governance votes via off-chain agreement, the carve-out collapses. Subparagraph (B) protects only the structural inference, not the conspiracy. Second, it does nothing to override liability for one&#8217;s own conduct. A core developer who pushes malicious code, or a multisig signer who absconds with treasury funds, remains liable for what she did. What &#167;2(5)(B) eliminates is the <em>imputed</em> liability for what someone else did via the protocol. That is enough to make the difference between a workable governance role and an uninsurable one.</p><h4>The wrapper accommodation and the centralized-management line</h4><p>The bill could have stopped at subparagraph (B). The interesting policy choice, and the one most relevant for transactional practice, is subparagraph (C). It states that the term &#8220;decentralized governance system&#8221; includes &#8220;a legal entity, including a decentralized unincorporated nonprofit association or other entity created pursuant to State law, used to implement the rules-based system described in subparagraph (A), provided that the legal entity does not operate pursuant to centralized management.&#8221; The reference to the decentralized unincorporated nonprofit association is unambiguous: this is the Wyoming DUNA (Wyo. Stat. &#167;&#167; 17-32-101 et seq.). The phrase &#8220;other entity created pursuant to State law&#8221; sweeps in the Wyoming DAO LLC (Wyo. Stat. &#167;&#167; 17-31-101 et seq.), the Vermont Blockchain-Based LLC, and any subsequent state framework Congress wants to leave room for. The Marshall Islands DAO LLC and the Cayman foundation, although not &#8220;created pursuant to State law&#8221; in the U.S. sense, satisfy the broader structural test if they otherwise meet (A).</p><p>Wrapping the protocol does not, by itself, forfeit DGS status. That is the central drafting choice. The competing model, where any incorporated entity is presumptively centralized, would have pushed structures offshore and incentivized the same legal-form arbitrage that drove the Marshall Islands and Cayman frameworks in the first place. CLARITY says instead: pick the wrapper that fits the operational reality, and let the substantive test (centralized management or not) do the work.</p><p>The centralized-management exclusion is the limit. A wrapper that &#8220;operates pursuant to centralized management&#8221; is not a DGS, regardless of what it calls itself. The bill does not define centralized management directly, but the second sentence of (C) tells us what it is not: &#8220;the delegation of ministerial or administrative authority at the direction of the participants in a decentralized governance system shall not be construed to be centralized management.&#8221; Read against subparagraph (A)&#8217;s open-participation requirement, the picture comes into focus. Centralized management means decision-making authority concentrated in a person or common-control group, exercised outside the rules-based system. Ministerial delegation, by contrast, is the execution of decisions already made by participants pursuant to the transparent rules. A foundation that pays bills on behalf of the DAO does not exercise centralized management. A foundation board that decides which proposals to fund without participant authorization does.</p><p>This distinction maps onto current structuring practice with surprising fidelity. The &#8220;service-provider&#8221; foundation model, in which the entity exists to file taxes, sign contracts, hold IP, and execute participant-approved disbursements, sits comfortably inside the ministerial-delegation safe harbor. The &#8220;steward&#8221; foundation model, in which the entity retains discretionary authority over treasury, protocol upgrades, or grants, sits outside it. The practitioner question is whether a given wrapper looks like the first or the second, and many existing structures contain both elements. Section four returns to this.</p><p>Two interpretive points before moving on. The phrase &#8220;at the direction of the participants&#8221; implies a chain of authority running from participants down to the wrapper, not the reverse. A multisig that can act on its own initiative is not acting &#8220;at the direction of&#8221; anyone. A multisig that executes transactions pre-approved by an on-chain vote is. Second, the cybersecurity carve-out at &#167;104(b)(3)(C), which permits pre-defined, rules-based emergency measures by an incident response or security council, suggests that Congress contemplated some narrow discretionary scope being preserved without forfeiting DGS status. But that carve-out is drawn tightly: the response must be limited to a &#8220;specific and documented cybersecurity incident or imminent threat,&#8221; the rules and procedures must be publicly disclosed in advance, and no single person can hold unilateral control. It is not a license for general discretionary action.</p><h4>How DGS personhood flows through the rest of the bill</h4><p>The &#167;2(5) definition is the trunk. The carve-outs scattered through the rest of the bill are the branches, and they work consistently. The first occurs in the related-person definition at &#167;2(13)(B), which expressly excludes a DGS from related-person status. This matters for the &#167;104 disposition restrictions, which apply only to sales by related persons. A DGS-controlled treasury that sells units back into the market is not making a sale by a related person, and the holding-period and volume caps in &#167;104(c) do not apply.</p><p>The next is in the network token definition itself. Section 4B(a)(7)(B) excludes from network-token status any investment contract conferring certain disqualifying financial rights, including &#8220;an entitlement to, or a reasonable expectation of, an interest, dividend, or other payment, or direct or indirect transfer of value, from a person (other than a decentralized governance system)&#8221; (&#167;4B(a)(7)(B)(ii)(III)), and an express or implied financial interest provided by a person other than a DGS (&#167;4B(a)(7)(B)(ii)(IV)). The parenthetical carve-out is doing serious work. Without it, any token holder who could expect payments from the DGS, whether through fee-switch distributions, staking rewards funded out of protocol revenue, or treasury grants, would be holding something with the cash-flow profile of an investment contract under standard <em>Howey</em> analysis. The &#8220;(other than a decentralized governance system)&#8221; parenthetical converts those flows into non-disqualifying features. The rule of construction at &#167;4B(a)(7)(C)(ii) adds that the &#8220;granting of economic interests or voting capabilities with respect to a distributed ledger system or its decentralized governance system&#8221; does not disqualify either. Read together, these provisions mean that the DGS can pay, distribute, and confer governance rights without dragging the token into the securities perimeter.</p><p>The &#167;104 coordinated-control architecture has two DGS carve-outs. The &#8220;distributed ledger control person&#8221; defined in &#167;104(a)(3) is &#8220;any person or group of persons under common control, other than a decentralized governance system,&#8221; that has the unilateral authority to control or materially alter the ledger system. Then &#167;104(b)(3)(B) supplies the safe harbor: a DGS is not a person or common-control group for purposes of the coordinated-control test, and a ledger system is not precluded from being found not-under-coordinated-control &#8220;solely based on a functional, administrative, clerical, or ministerial action of a decentralized governance system, including any such action taken by a person acting on behalf of and at the direction of that decentralized governance system.&#8221; The ministerial-delegation language from &#167;2(5)(C) reappears here, anchored this time to a specific operational test. The structural choice is consistent: rule-based DGS conduct, including downstream ministerial execution by service providers, does not break decentralization.</p><p>Finally, &#167;301(a)(2)(B) supplies the analogous rule for &#8220;non-decentralized finance trading protocols.&#8221; For purposes of determining whether a protocol is non-DeFi (and therefore subject to traditional intermediary regulation), &#8220;a decentralized governance system, solely by virtue of the operation of the decentralized governance system, shall not be considered to be a person or a group of persons under common control or acting pursuant to an agreement to act in concert.&#8221; The DeFi-trading test asks whether some common-control person has the authority to alter the protocol, censor users, or operate it outside of pre-encoded rules. DGS operation alone does not satisfy any of those.</p><p>The cumulative effect is that DGS treatment is not a one-off accommodation. It is a coordinated decision running through five distinct regulatory choke points: related-person status (&#167;2(13)(B)), network-token classification (&#167;4B(a)(7)), distributed-ledger-control-person status (&#167;104(a)(3)), coordinated control (&#167;104(b)(3)(B)), and DeFi-trading-protocol status (&#167;301(a)(2)(B)). Wherever the bill could have caught a DGS in a person-and-common-control test, it doesn&#8217;t. That consistency is what makes &#167;2(5) a structural pillar rather than a definitional curiosity.</p><h4>Structuring guidance</h4><p>For anyone structuring (or restructuring?) a DAO under CLARITY, the operative questions reduce to three. </p><p>First, does the protocol&#8217;s governance qualify as a DGS in the first place? That requires transparency, rules-based operation, formation of consensus around development or operation of the ledger, and participation not limited to or controlled by a common-control group. A multisig of seven anonymous signers with no public charter does not qualify. A token-weighted voting system with on-chain rules, public discussion, and dispersed token ownership ordinarily does. The harder cases sit in between: small councils with formal procedures, hybrid governance models with off-chain ratification, and rolling delegated voting structures all require closer reading against the (A) elements.</p><p>Second, does any wrapper preserve DGS status? Wyoming DUNAs and DAO LLCs, Vermont BBLLCs, and offshore analogs all qualify provided they do not operate by centralized management. The drafting question for counsel is whether the operating agreement, association charter, or articles vest discretionary authority in a manager class or council, or whether they confine the entity&#8217;s role to executing participant-approved actions. The bill rewards the latter. Existing structures that contain both elements (DAO-controlled treasury plus a discretionary foundation council, for example) should be reviewed against the centralized-management exclusion before any post-enactment certification under &#167;104(d). The wrapper accommodation is generous, but it is conditional, and the condition is structural rather than nominal.</p><p>Third, how do off-chain operational arrangements interact with the centralized-management line? A service provider executing payments at participant direction is fine. A service provider with discretionary spending authority is not. A multisig acting on pre-approved on-chain outcomes is fine. A multisig with independent veto authority is not. The cybersecurity-council carve-out at &#167;104(b)(3)(C) creates a narrow exception for predefined emergency response, but it should not be relied on outside its terms.</p><p>Section 2(5) is the most consequential twenty-five lines of CLARITY for any practitioner who has worked on DAO structuring under existing law. The <em>Sarcuni</em> general-partnership default is gone. The <em>Ooki</em> unincorporated-association default is gone. The doctrinal cost of governance participation has been reduced from &#8220;potential joint and several liability&#8221; to &#8220;ordinary individual liability for one&#8217;s own conduct.&#8221; That is a meaningful shift, and the rest of the bill&#8217;s DGS carve-outs are not gestures. They are the structural mechanism by which Congress carries DGS personhood through every place in the statute where the form would otherwise have collapsed back into the general-partnership default that <em>Sarcuni</em> and <em>Ooki</em> had built.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/daos-as-legal-persons?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/daos-as-legal-persons?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/daos-as-legal-persons?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p><p></p>]]></content:encoded></item><item><title><![CDATA[Coordinated Control]]></title><description><![CDATA[CLARITY's 49% Test and the Death of the Hinman-style Decentralization Test]]></description><link>https://davidlopezkurtz.substack.com/p/coordinated-control</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/coordinated-control</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Mon, 08 Jun 2026 19:47:15 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!kYZC!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>I<em>n June 2018, William Hinman delivered what would become the most consequential thirty minutes of digital-asset regulatory thinking of the past decade. The speech was carefully labeled personal views, not Commission policy, and was promptly absorbed into industry compliance memos as if it were a final rule. The core idea was simple. An investment contract under SEC v. W.J. Howey Co., 328 U.S. 293 (1946), turns on whether purchasers expect profits from the &#8220;efforts of others.&#8221; A token transacted on a network that has reached &#8220;sufficient decentralization&#8221; arguably fails that prong, because there is no longer a coherent &#8220;other&#8221; doing the work. Ether (ETH), Hinman said in the most-quoted passage, no longer represented a security transaction in its then-current state.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!kYZC!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!kYZC!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png 424w, https://substackcdn.com/image/fetch/$s_!kYZC!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png 848w, https://substackcdn.com/image/fetch/$s_!kYZC!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png 1272w, https://substackcdn.com/image/fetch/$s_!kYZC!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!kYZC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png" width="1456" height="825" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/e2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:825,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2016380,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/201198621?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!kYZC!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png 424w, https://substackcdn.com/image/fetch/$s_!kYZC!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png 848w, https://substackcdn.com/image/fetch/$s_!kYZC!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png 1272w, https://substackcdn.com/image/fetch/$s_!kYZC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe2c7d5aa-d32b-498c-8fa4-358b2133c9c9_1468x832.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>For seven years, &#8220;sufficient decentralization&#8221; sat at the center of every token launch and every secondary-market listing analysis. The SEC&#8217;s April 2019 Framework for &#8220;Investment Contract&#8221; Analysis of Digital Assets attempted to formalize the inquiry, but ran to dozens of considerations across multiple *Howey* prongs and was published as Staff guidance with no formal regulatory effect. *SEC v. Ripple Labs, Inc.*, 682 F. Supp. 3d 308 (S.D.N.Y. 2023), illustrated the cost of operating in this vacuum. Judge Torres distinguished institutional sales from programmatic exchange sales by reference to the economic reality of each transaction, but neither party could point to a statutory test that would have produced the same result with more certainty.<br><br>&#167;104 of the engrossed Senate substitute is the legislative answer. It does not overrule Hinman. Hinman was not law. But &#167;104 effectively buries the speech, replacing the SEC&#8217;s &#8220;sufficient decentralization&#8221; intuition with a five-factor statutory test, anchored by a single quantitative threshold, and operationalized through a certification procedure that produces final agency action reviewable under applicable law. This is the coordinated-control framework that Post #1 identifies as one of the four structural pillars of the bill&#8217;s architecture. CLARITY routes around *Howey* rather than overruling it. Decentralization stops being a vibe. It becomes a definition. Once a system is certified as not subject to coordinated control, the resale restrictions in &#167;104(c) lift on a defined schedule that functions as a Rule 144 analog for tokens.<br><br>A word on procedural posture before the substance. &#167;104(b)(1) directs the Commission to adopt rules, based on the &#167;104(b)(2) criteria, to define when a distributed ledger system and its related ancillary asset are under coordinated control. The five criteria are not, themselves, the definition. They are the indicia Congress instructs the SEC to consider in rulemaking. The list is exhaustive, however (&#167;104(b)(2) uses &#8220;the following criteria,&#8221; not &#8220;including&#8221;), and the &#167;104(b)(3) safe harbors operate independently as bright-line outs. The SEC will fight on weighting and on attribution rules, but it cannot import factors outside the (A) through (E) list.</p><h4>The Five Indicia</h4><p>The &#167;104(b)(2) criteria divide cleanly into two structural questions. Three of the five ask whether the protocol is technically open and functional. Two ask whether there is a control group still pulling levers. The five are not weighted on the face of the statute, but the architecture suggests, and the SEC&#8217;s rulemaking will likely confirm, that the technical-openness indicia are necessary but not sufficient. A system that ships open-source code under a permissive license and runs on a permissionless validator set can still be under coordinated control if a founding team controls 60% of the float.<br><br>&#167;104(b)(2)(A) asks the extent to which the distributed ledger system is not (i) a publicly available protocol, (ii) a distributed ledger application whose source code is freely available via open-source code and recorded on a distributed ledger, or (iii) a Commission-determined analogue. The negative phrasing is awkward but the substance is familiar. A system fails this indicium to the extent the protocol or application source is closed, proprietary, or under license terms that meaningfully constrain forking. This is a low bar. Nearly every credible Layer 1 and Layer 2 in production today clears it. The edge questions are protocols with closed sequencers, MEV-extraction code that is not public, or proprietary fraud-proof systems. The Commission will need to address the extent to which non-public auxiliary infrastructure (block builders, relays, oracles) counts as part of the &#8220;distributed ledger system&#8221; for &#167;104(b)(2)(A) purposes.<br><br>&#167;104(b)(2)(B) is the permissionlessness indicium. It asks whether any person or group under common control has either (i) unilateral authority via operation of the distributed ledger system to restrict, censor, or prohibit use, including any applicable system-based user activity, or (ii) private permissions, hard-coded privileges, or similar capabilities granted by source code that provide preferential treatment compared to similarly situated persons. (i) covers admin keys with censorship power. (ii) covers protocol-level preferential treatment, which is the more interesting prong. A founding-team allocation that vests on a smart-contract schedule, with no special governance rights and no early redemption privilege, should not implicate (ii). A founder-only fee-distribution mechanism that takes a fixed percentage of protocol revenue indefinitely probably does, even if the rest of the protocol is otherwise permissionless. The Tornado Cash sanctions litigation surfaces a harder question on (B)(i): a protocol whose front-end voluntarily blocks sanctioned addresses but whose contracts do not presumably clears it, while a protocol whose contracts hard-code address blocklists arguably does not.<br><br>&#167;104(b)(2)(D) is the autonomous-state indicium. The statute asks whether the system has not yet reached &#8220;an autonomous state&#8221; and whether a person or group under common control has unilateral authority to alter or change the functionality, operation, or rules of consensus or agreement. The term &#8220;autonomous state&#8221; is undefined and will be a major focus of SEC rulemaking. Compare the SEC and CFTC&#8217;s 2026 joint interpretive release (Release Nos. 33-11412, 34-105020), which characterized &#8220;functional&#8221; digital commodities by reference to whether the network&#8217;s native asset can be used &#8220;on the system in accordance with its programmatic utility.&#8221; &#167;104(b)(2)(D) sits between functionality and immutability. A network can be functional but not autonomous, in the sense that core developers still hold upgrade keys allowing protocol-level changes. The SEC&#8217;s natural interpretive move will be to characterize autonomy as a function of governance distribution and upgrade-key custody, which folds (D) into the same inquiry as (B) and (C).<br><br>&#167;104(b)(2)(E) is economic independence. The indicium asks whether the primary programmatic mechanisms that are intended to facilitate substantial value accrual to the ancillary asset are functional. This is a value-accrual readiness test. A token whose buy-and-burn or fee-distribution mechanism has not yet shipped fails it. A token whose value-accrual mechanisms are technically live but rely on continued promotional activity by the founding team probably also fails, though the line is fuzzier. (E) is the indicium most directly tied to the *Howey* &#8220;efforts of others&#8221; prong, and it will drive much of the SEC&#8217;s substantive analysis. A network can be open-source, permissionless, and well-distributed, but if its value accrues primarily because a centralized team is still building demand, it is not economically independent within the meaning of &#167;104.</p><h4>The Only Hard Number</h4><p>&#167;104(b)(2)(C) is the single quantitative threshold in the entire decentralization framework. It asks the extent to which a person or group under common control has beneficial ownership &#8220;of, in the aggregate, more than 49 percent of the total amount of outstanding units of the ancillary asset or voting power with respect to any governance system that relates to the distributed ledger system.&#8221; That &#8220;or&#8221; is doing significant work. A control group that holds 30% of token supply but controls 55% of governance voting power triggers the indicium. So does a group that holds 60% of supply but only 20% of voting power. The disjunctive structure forces issuers to manage decentralization on two axes simultaneously, which the Hinman framework never did with any precision.<br><br>Three structural questions follow from the 49% language. First, what does &#8220;person or group of persons under common control&#8221; mean as an attribution rule. Second, how does the indicium handle lockups, vesting, and time-restricted tokens. Third, how does &#8220;voting power&#8221; measure against the wide variety of governance structures in the wild.<br><br>The common-control attribution rule is the most consequential ambiguity. The statute does not define common control for &#167;104 purposes, and the SEC&#8217;s rulemaking will need to import an attribution standard from somewhere. The Investment Company Act&#8217;s &#8220;control&#8221; definition (15 U.S.C. &#167; 80a-2(a)(9), beneficial ownership of more than 25% of voting securities, with a rebuttable presumption) is the most natural analog. The Securities Exchange Act&#8217;s beneficial ownership rules (17 C.F.R. &#167; 240.13d-3) are the next candidate. Section 318 of the Internal Revenue Code, with its constructive ownership and family attribution rules, is the most aggressive option. Practitioners should not assume that a majority-owned subsidiary of a foundation is treated as a separate person for &#167;104(b)(2)(C) purposes, or that the SEC will reject family attribution out of hand for founder-controlled vehicles. *Sarcuni v. bZx DAO*, 664 F. Supp. 3d 1100 (S.D. Cal. 2023), analyzed DAO governance through a general-partnership lens, which suggests that joint enterprise principles may sweep token holders together as a single common-control group even without a contractual coordination mechanism. Where the SEC draws the line will determine whether well-distributed foundation-led launches can certify out of coordinated control within a reasonable post-launch window.<br><br>Lockup and vesting interplay is the second moving piece. The &#167;104(b)(2)(C) test asks about &#8220;beneficial ownership... of total outstanding units.&#8221; Standard practice is to exclude unvested team and investor tokens from circulating supply but include them in total supply (the familiar fully-diluted-valuation versus market-cap distinction). &#8220;Outstanding units&#8221; is ambiguous between these two. The conservative reading is that fully diluted supply controls, in which case a team allocation of 30% counts toward the threshold from day one even if subject to a four-year vest with a one-year cliff. The aggressive reading is that only minted and unrestricted tokens count, in which case the threshold can be managed during the lockup period by burning, locking, or simply not minting reserved supply. The conservative reading is more consistent with the antifraud purposes of the statute and with &#167;104(c), which itself treats unvested holdings as part of related-person exposure. The aggressive reading is more consistent with how the industry has measured decentralization for the last five years.<br><br>Governance-power measurement is the third moving piece, and the messiest. The statute says &#8220;voting power with respect to any governance system.&#8221; That language reaches DAO voting (one-token-one-vote and its quadratic and conviction variants), delegate-based governance (Optimism&#8217;s Citizens&#8217; House and Token House, Arbitrum&#8217;s delegate system), validator-set voting, and multisig-as-governance (where a multisig executes off-chain governance decisions). It is not obvious that all four are measured the same way. A founding team that holds 40% of governance tokens but has delegated 35% to non-affiliated delegates might fall above or below 49% depending on whether delegation counts as a release of voting power. The Wyoming DUNA framework (Wyo. Stat. &#167;&#167; 17-32-101 et seq.) and the Marshall Islands DAO LLC structure both address related questions of voting attribution among DAO members, but the &#167;104 test will require its own answer.<br><br>The interaction with the &#167;104(b)(3)(B) decentralized governance system safe harbor is also important. A DGS is, by definition, not a person or group under common control. &#167;104(b)(3)(B)(i). The Commission cannot count DGS voting power toward &#167;104(b)(2)(C) because the DGS is a separate legal person. But the participants in the DGS may themselves be under common control with each other or with the founding team. A foundation that funnels its governance influence through a nominally decentralized DAO does not automatically clear (C); the SEC will need to evaluate whether the DGS is operating with independence or as a pass-through for foundation control.</p><h4>Multisig Councils Survive</h4><p>The &#167;104(b)(3) safe harbors are the operational counterpart to the indicia. Where the (b)(2) factors describe what coordinated control looks like, the (b)(3) safe harbors describe arrangements that are not, on their own, evidence of coordinated control. There are three. The general safe harbor in &#167;104(b)(3)(A) directs the Commission to establish safe harbors more broadly, and &#167;104(b)(3)(D) confirms that the enumerated safe harbors are not exclusive. The two enumerated safe harbors are the DGS carve-out in &#167;104(b)(3)(B) and the emergency-measures carve-out in &#167;104(b)(3)(C).<br><br>The emergency-measures safe harbor is the most thoughtful provision in the entire decentralization framework. Virtually every production DeFi protocol of significance has some form of multisig-based emergency response capability, and subjecting those councils to coordinated-control analysis under a strict reading of (B) would force them to be dismantled in ways that would harm users.<br><br>The safe harbor requires that the emergency measure be &#8220;pre-defined, temporary, [and] rules-based,&#8221; exercised by an &#8220;incident response or security council&#8221; exclusively in response to a &#8220;specific and documented cybersecurity incident or imminent threat,&#8221; pursuant to &#8220;publicly disclosed, on-chain authorization mechanisms,&#8221; &#8220;strictly limited in scope and duration solely to address that cybersecurity incident or imminent threat,&#8221; and exercised &#8220;without unilateral control by any single person.&#8221; &#167;104(b)(3)(C). The procedural mechanism for invocation must be disclosed in publicly available written documentation reasonably available to the applicable Federal agency by a decentralized autonomous organization or similar legal entity sufficiently in advance of any exercise.<br><br>That language maps cleanly onto Compound&#8217;s Pause Guardian (a multisig that can pause specific contract functions in response to a threat, codified in the protocol and disclosed in governance documentation), Aave&#8217;s Guardian (similar structure, with explicit on-chain limits on what the Guardian can pause and for how long), and MakerDAO&#8217;s Emergency Shutdown mechanism (governance-triggered, with public documentation of the procedure). It is harder to fit the kind of governance-proposal-and-patch response Compound used in the 2021 reserve-distribution incident, which involved community proposals rather than a true incident-response council action. The safe harbor seems to require a council with pre-defined authority, not ad hoc community remediation.<br><br>The &#8220;publicly disclosed, on-chain authorization mechanisms&#8221; requirement deserves attention. It is not enough that a multisig exists with documented members. The authorization mechanism itself (which addresses are in the multisig, what they can do, what triggers their authority, and what limits apply) must be on-chain and publicly disclosed. This is a higher bar than the customary practice of disclosing multisig membership in governance forum posts while leaving the actual multisig contract opaque.<br><br>The DGS safe harbor in &#167;104(b)(3)(B) sits alongside the emergency-measures carve-out and does separate work. It establishes that a DGS is not a person or group of persons under common control, and that a system is not precluded from being free of coordinated control &#8220;solely based on a functional, administrative, clerical, or ministerial action&#8221; of the DGS, including actions taken by a person acting on behalf of and at the direction of the DGS. The clerical-action language preserves operational flexibility for DGS implementations that delegate routine matters to identified service providers. A DUNA that retains a service provider to file annual reports does not become a person under common control with its members because the service provider acts at the DUNA&#8217;s direction.</p><h4>Rule 144 for Tokens</h4><p>&#167;104(c) is the operational consequence of the coordinated-control framework. If a distributed ledger system is under coordinated control, related persons (broadly defined to include the ancillary asset originator, its subsidiaries, and entities under common control) face restrictions on resale of covered tokens. The restrictions function as a token-equivalent of Rule 144 of the Securities Act (17 C.F.R. &#167; 230.144), and the parallels are deliberate.<br><br>Before certification of non-control, a related person may sell covered tokens acquired post-enactment only if (i) &#167;4B(d) disclosures have been furnished, (ii) the holder has held the units for not less than twelve months, and (iii) the amount sold in any twelve-month period does not exceed a cap to be set by SEC rulemaking. &#167;104(c)(1). After certification, the holding period drops to six months, and the volume cap is statutorily floored at no less than ten percent of total outstanding units per twelve-month period. &#167;104(c)(2). For pre-enactment tokens, the holding periods are the same (twelve and six), but the &#167;4B(d) disclosure requirement is waived for post-certification sales. &#167;104(c)(3). Distributed ledger control persons (a narrower category of persons with unilateral authority over protocol functionality) face additional notice and disclosure requirements under &#167;104(c)(4) even after certification.<br><br>The Rule 144 analogy is structural rather than mechanical. Rule 144 conditions secondary-market resales of restricted securities on current public information, a holding period (six months for reporting issuers, one year otherwise), volume limitations (the greater of 1% of outstanding or average weekly trading volume), and manner-of-sale restrictions for affiliates. &#167;104(c) adopts the holding-period and volume-limitation concepts directly, conditions on &#167;4B(d) disclosure rather than Exchange Act periodic reporting, and grants the SEC rulemaking authority to fill in the manner-of-sale and notice details. The most consequential difference is the volume cap. &#167;104(c)(2)(C) sets a statutory floor of 10% of outstanding units per twelve months for post-certification sales, which is far more permissive by reference to absolute float than Rule 144(e). For most token launches with standard team allocations, the 10% floor will exceed the related person&#8217;s holdings, which means the statutory floor will not bind. The SEC will likely set the actual cap substantially lower in the rulemaking. Where it lands is one of the most consequential open questions in the entire rulemaking process.<br><br>Disgorgement is the enforcement mechanism. Under &#167;104(e), profits realized by a related person from sales in violation of &#167;104(c) inure to the holders of the ancillary asset, recoverable in a derivative action by the asset originator or by token holders themselves (with a 5%-of-supply standing threshold for derivative claims and a two-year statute of limitations). The structure mirrors &#167;16(b) short-swing profit recovery under the Exchange Act (15 U.S.C. &#167; 78p(b)) and will be familiar territory for plaintiff-side counsel.<br><br>&#167;104(f) mandates a set of exemptions that reveal where the bill expects friction. Material hardship exemptions (death, bankruptcy, dissolution, tax liability arising from token receipt) under &#167;104(f)(1). Liquidity provision exemptions for two-sided market making under &#167;104(f)(2). Agency exemptions for custodians, brokers, dealers, and trading platforms under &#167;104(f)(3). ETP and passive pooled investment vehicle exemptions, with explicit accommodation for authorized-participant create-and-redeem mechanics, under &#167;104(f)(4). The &#167;104(f)(4) exemption is particularly important for the spot Bitcoin and Ether ETPs that came online in 2024 and 2025; without it, related-person tokenholders of an ETP-eligible asset would face disposition restrictions on routine fund operations.<br><br>Hinman gave the industry a vibe. &#167;104 gives it a test. The test has five indicia, one hard number, three safe harbors, and a certification procedure that produces final agency action. None of those pieces are self-executing. The SEC&#8217;s coordinated-control rulemaking will take eighteen to twenty-four months at best, and the resale restrictions will not lift on any current insider&#8217;s preferred timeline. But the architecture is different in a way that matters. Decentralization is no longer a litigation defense to be raised after an enforcement action. It is a statutory standard with a rulemaking path, a certification window, and a Rule 144 analog at the end of it. The &#8220;sufficient decentralization&#8221; theory survives in &#167;104(b)(2), but only as one of five factors, and only one of those factors has a number attached to it. That number is 49. Hinman would not recognize the section that buried him.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/coordinated-control?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/coordinated-control?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/coordinated-control?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[What is a "Network Token"? ]]></title><description><![CDATA[The disqualifying-financial-rights test and why it matters]]></description><link>https://davidlopezkurtz.substack.com/p/what-is-a-network-token</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/what-is-a-network-token</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Fri, 05 Jun 2026 16:27:07 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!UhPT!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>Section 102 of CLARITY inserts a new &#167;4B into the Securities Act of 1933. That section, in turn, defines a &#8220;network token&#8221; in &#167;4B(a)(7) as a digital commodity intrinsically linked to a distributed ledger system, deriving its value from the use of that system, and &#8220;treated as a non-security solely for purposes of the Federal securities laws.&#8221; That last clause is doing a great deal of work. It is a regulatory definitional override. The bill does not amend &#167;2(a)(1) of the &#8216;33 Act or rewrite *SEC v. W.J. Howey Co.*, 328 U.S. 293 (1946). It instead carves out a class of digital assets and says: for federal securities law purposes, these are not securities. The Howey test continues to live in case law, in state blue-sky enforcement of non-network-token instruments, and in everything CLARITY does not reach. But the asset itself, sitting on a chain after issuance, is removed from the analysis.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!UhPT!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!UhPT!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png 424w, https://substackcdn.com/image/fetch/$s_!UhPT!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png 848w, https://substackcdn.com/image/fetch/$s_!UhPT!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png 1272w, https://substackcdn.com/image/fetch/$s_!UhPT!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!UhPT!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png" width="439" height="559" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ff28ed9e-2aca-400d-b585-1b863722584c_439x559.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:559,&quot;width&quot;:439,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:430917,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/200321936?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!UhPT!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png 424w, https://substackcdn.com/image/fetch/$s_!UhPT!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png 848w, https://substackcdn.com/image/fetch/$s_!UhPT!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png 1272w, https://substackcdn.com/image/fetch/$s_!UhPT!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fff28ed9e-2aca-400d-b585-1b863722584c_439x559.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>This carve-out is conditional. It is gated by an enumerated list of disqualifying financial rights in &#167;4B(a)(7)(B). A &#8220;network token&#8221; includes only digital commodities that do *not* carry (i) any security, (ii) an investment contract or profit-sharing interest equivalent to specified debt, equity, or value-transfer rights, (iii) an interest in a &#167;3(c)-excluded investment company, or (iv) an interest in a non-investment-company asset-holding entity. [1] CLARITY answers that question definitionally. If the rights traveling with the token are within an enumerated disqualifying category, the token is not a network token. If they are not, the token is.</p><p>This is a different move from the one FIT21 made. FIT21 introduced &#8220;investment contract asset,&#8221; a defined term for the underlying digital commodity sold pursuant to an investment contract, with the IC being the security and the asset being something else. That separated the wrapper from the thing being wrapped. CLARITY does something more aggressive. It says the *thing itself* is not a security if it lacks the enumerated rights. The &#167;4B disclosure regime, which I will cover in Post #2 of this series, then attaches to the &#8220;ancillary asset&#8221; subset of network tokens (network tokens whose value depends on the entrepreneurial or managerial efforts of an &#8220;ancillary asset originator&#8221; or related person). Network tokens that lack ongoing founder-dependent value (a fully autonomous protocol) are not even ancillary assets and pick up no &#167;4B disclosure burden.</p><p>Note that the non-security treatment of &#167;4B(a)(7)(A) is &#8220;solely for purposes of the Federal securities laws.&#8221; The bill reinforces this in &#167;4B(b)(2), which extends the non-security treatment to &#167;2(a)(1) of the &#8216;33 Act, &#167;3(a) of the &#8216;34 Act, &#167;2(a) of the Investment Company Act, &#167;202(a) of the Advisers Act, &#167;16 of SIPA, and functionally-equivalent state law. It does not touch &#167;7701 of the Internal Revenue Code, the &#167;1234 character question for options on tokens, the &#167;475 mark-to-market rules, or state common-law fraud. Tax counsel should not read this as a tax characterization. Litigation counsel should not read it as preemption of common-law fraud, breach of contract, or RICO. It is what it says: a federal securities law carve-out, plus a parallel state securities-law backstop.</p><h4>The four disqualifying rights</h4><p>Clause (i) is tautological. &#8220;Any security&#8221; is a disqualifying right. The work is in (ii) through (iv).</p><p>Clause (ii) is the doctrinal core. The term &#8220;network token&#8221; excludes any &#8220;investment contract or a certificate of interest or participation in any profit-sharing agreement&#8221; that represents, gives, or is &#8220;substantially economically or functionally equivalent to&#8221; four enumerated rights, as the SEC shall establish by rule. The four sub-rights are: (I) a debt or equity interest, or an option on either, in a person; (II) liquidation rights with respect to a person; (III) an entitlement to, or reasonable expectation of, an interest, dividend, other payment, or direct or indirect transfer of value from a person (other than a decentralized governance system); and (IV) an express or implied financial interest in (including a limited partnership interest or interest in intellectual property of), or provided by, a person (other than a decentralized governance system).</p><p>Critically, clause (ii) does not say &#8220;any token whose value depends on the efforts of others is disqualified,&#8221; which would have been the Howey import. Howey&#8217;s &#8220;efforts of others&#8221; prong, as elaborated in SEC v. Glenn W. Turner Enters., Inc., 474 F.2d 476 (9th Cir. 1973), reaches any scheme in which &#8220;the efforts made by those other than the investor are the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise.&#8221; CLARITY does not adopt that test. It asks something narrower and structural: does the token carry an enumerated financial right? Tokenizing an LLC interest, a debt instrument, an option on stock, or a profit-share in a centralized operating company fails. Tokenizing a right to participate in the operation, governance, or fee-revenue of a distributed ledger system does not.</p><p>The sub-rights are themselves doctrinally precise. </p><ul><li><p>(I) (debt, equity, options on same) maps to the conventional security categories. A token that represents a share of an operating company, a note, or a call option on equity is out. </p></li><li><p>(II) (liquidation rights) tracks corporate liquidation preferences and partnership distribution rights. If the token entitles the holder to a share of the proceeds of winding up a person, it is out. (III) and (IV) are the catch-alls, and they are where the structuring happens. (</p></li><li><p>III) sweeps in any dividend, interest, payment, or transfer of value from a person, with the controlling parenthetical &#8220;other than a decentralized governance system.&#8221; </p></li><li><p>(IV) sweeps in any financial interest in (or provided by) a person, again with the DGS parenthetical.</p></li></ul><p>A &#8220;person&#8221; is undefined in CLARITY for these purposes, which means it carries its &#8216;33 Act default meaning under &#167;2(a)(2): an individual, corporation, partnership, association, joint-stock company, trust, unincorporated organization, or government. The DGS parenthetical removes one specific kind of entity from that definition for purposes of clauses (II)(III) and (II)(IV). Everything else remains a &#8220;person.&#8221; This matters for token cap-table design. A token paying revenue out of a labs entity is disqualified. A token paying revenue out of a properly-structured DGS is not.</p><p>Clauses (iii) and (iv) are backstops against laundering economic exposure to a pool of assets through a token. Clause (iii) catches functional interests in entities excluded from investment company treatment by &#167;3(c) of the Investment Company Act. Anyone who has structured a &#167;3(c)(1) or &#167;3(c)(7) private fund will recognize the move. Tokenizing a fractional interest in what would be a &#167;3(c)-excluded private fund and calling the resulting token a &#8220;network token&#8221; does not work. Clause (iv) extends that backstop one step further to non-investment-company asset-holding vehicles. A token that represents an economic interest in an LLC holding real estate, gold, or any non-securities asset is out. The combined effect of (iii) and (iv) is that wrapper architectures used to securitize off-chain assets do not collapse into network-token status.</p><p>Clause (ii) ends with the language &#8220;as the Commission shall establish by rule.&#8221; That is a rulemaking directive. The substantive content of &#8220;substantially economically or functionally equivalent&#8221; sits with the Commission. &#167;105(a) gives the SEC one year from enactment to put that flesh on the bone, and I will return to that timing point at the end.</p><h4>The parenthetical does the work</h4><p>Four words sitting in parentheses in clauses (ii)(III) and (ii)(IV) do most of the practical structuring work in &#167;4B(a)(7). &#8220;Other than a decentralized governance system&#8221; is the carve-out that preserves protocol-revenue tokens, fee-switch tokens, vote-escrow tokens, liquid-staking receipt tokens, and the other actually-existing economic primitives on which DeFi has been built. Read without that parenthetical, clause (ii)(III) would disqualify any token providing a &#8220;reasonable expectation of&#8221; any &#8220;payment&#8221; or &#8220;transfer of value&#8221; from any &#8220;person.&#8221; Every fee-accruing token would fail. With the parenthetical, the question becomes: from whom does the value flow?</p><p>&#167;2(5) of CLARITY defines a &#8220;decentralized governance system&#8221; with care. It is &#8220;any transparent, rules-based system permitting persons to form consensus or reach agreement in the development, provision, publication, maintenance, or administration of the distributed ledger system, in which participation is not limited to, or under the control of, any person or group of persons under common control.&#8221; &#167;2(5)(B) treats the DGS and the persons participating in it as separate legal persons unless they are under common control or acting under an agreement to act in concert. &#167;2(5)(C) confirms that a DGS includes legal-entity wrappers (decentralized unincorporated nonprofit associations and &#8220;other entity created pursuant to State law&#8221; such as Wyoming DAO LLCs and Marshall Islands DAO foundations), provided the legal entity does not operate pursuant to centralized management. &#167;2(5)(D), the rule of construction, states that a DGS shall not be deemed a person or a group of persons acting under common control for purposes of the Act.</p><p>This is a statutory separate-legal-personhood doctrine for properly-constituted on-chain governance systems. Payments flowing from a DGS to network token holders are not &#8220;transfers of value from a person&#8221; within clause (ii)(III). Equity-like interests &#8220;provided by&#8221; a DGS are not financial interests in a person within clause (ii)(IV). The DGS is a person, in some sense, but not the kind of person the disqualifying rights are targeting.</p><p>The rule of construction in &#167;4B(a)(7)(C)(ii) reinforces the carve-out from a different angle. It says a digital commodity &#8220;shall not be disqualified from being deemed a network token due to the granting of economic interests or voting capabilities with respect to a distributed ledger system or its decentralized governance system.&#8221; Economic interests in a DLS or DGS, and voting capabilities over either, are not disqualifying. Read together with the parenthetical, the doctrinal posture is clear: a token can carry meaningful economic rights and meaningful governance rights, provided both run through (or are with respect to) the DLS or the DGS, and not through a related labs entity, foundation operating with centralized management, or other &#8220;person.&#8221;</p><p>The &#167;2(5) DGS definition becomes the load-bearing wall. Anyone structuring a token cap table is now structuring a DGS. The substantive content of &#8220;transparent, rules-based,&#8221; &#8220;consensus or reach agreement,&#8221; &#8220;participation is not limited to, or under the control of&#8221; common-control persons, and &#8220;does not operate pursuant to centralized management&#8221; is what the bill leaves on the table for SEC and CFTC interpretive elaboration and, eventually, judicial gloss. The Wyoming DUNA framework and the Marshall Islands non-profit DAO foundation provide one set of structuring templates. Whether either, as deployed in any given protocol, satisfies &#167;2(5) is a matter to be analyzed on the facts.</p><h4>&#167;105(a) and what to do now</h4><p>&#167;105(a) is the rulemaking direction. The SEC must, within one year of enactment, adopt rules providing that a network token is not considered to provide a disqualifying right under &#167;4B(a)(7)(B) if its market value is &#8220;primarily derived, or is reasonably expected to be primarily derived,&#8221; from a distributed ledger system or from the broader adoption and use of such a system. The rule must cover four explicit fact patterns: (A) DLS-internal mechanisms collecting, receiving, accruing, or distributing consideration from the functioning of the DLS; (B) governance capabilities with respect to a DLS or DGS; (C) value appreciation or depreciation in response to the use of, or efforts, operations, or financial performance of, the DLS or its DGS; and (D) for network tokens that also meet the ancillary-asset definition, value appreciation or depreciation due to the efforts of the ancillary asset originator or related person.</p><p>(D) is the bridge clause and worth dwelling on. It confirms that a single token can be both a network token and an ancillary asset. The &#8220;efforts of the ancillary asset originator&#8221; pathway preserves the network-token classification for tokens in protocols that still have meaningful contribution from a labs entity, foundation, or core dev team. The price of preservation is the &#167;4B disclosure regime, which attaches to ancillary assets. But the token itself does not flip into security status because a labs entity is still doing work. That is the principal architectural improvement on FIT21&#8217;s &#8220;mature blockchain system&#8221; formulation.</p><p>For anyone structuring token cap tables in the year before &#167;105(a) rules are final, the takeaways follow from the architecture. </p><ul><li><p>First, build the DGS. &#167;2(5) is the load-bearing wall, and tokens whose economics depend on a DGS that does not satisfy &#167;2(5) on close inspection will not survive the disqualifying-rights test. </p></li><li><p>Second, route economics through the DLS or the DGS, not through the labs entity. Where the labs entity must receive value (treasury inflows, IP licensing fees, contribution payments), those flows should sit outside the token economics. </p></li><li><p>Third, do not write LP-interest-equivalent terms into token whitepapers. Clause (ii)(IV) explicitly names limited partnership interests and IP-licensing economic interests. </p></li><li><p>Fourth, separate the network token analysis from the ancillary-asset analysis. A network token that depends on ongoing founder efforts is a network token plus an ancillary asset, with &#167;4B disclosures attaching to the latter. A network token whose value derives only from DLS adoption is a network token and nothing more, with no &#167;4B disclosure burden. </p></li><li><p>Fifth, watch the &#167;105(a) rulemaking. The proposed rule will tell us how aggressively the SEC reads &#8220;substantially economically or functionally equivalent&#8221; in clause (ii), and how it intends to police the line between a DGS that satisfies &#167;2(5) and a foundation operating with centralized management.</p></li></ul><p>A final observation. The structural choice &#167;4B(a)(7) embodies, a rights-based rather than activity-based or maturity-based test, is the right call. It puts the analysis where the analysis belongs, on what the token actually does for its holder, and it spares everyone the indeterminate fact-finding of &#8220;sufficiently decentralized&#8221; inquiries. It also concentrates enormous interpretive weight on the four enumerated disqualifying rights and on the DGS definition. Those will be the litigated provisions for the next decade.</p><p>[1] The list reads like a structured catalog of what the SEC has spent the last decade arguing tokens really are. SEC v. Telegram Grp. Inc., 448 F. Supp. 3d 352 (S.D.N.Y. 2020), SEC v. LBRY, Inc., 639 F. Supp. 3d 211 (D.N.H. 2022), SEC v. Kik Interactive Inc., 492 F. Supp. 3d 169 (S.D.N.Y. 2020), and the now-dismissed SEC v. Coinbase, Inc. litigation, No. 23-cv-04738 (S.D.N.Y. June 6, 2023), all turned on whether the rights traveling with a token amounted to an investment contract enforced through software and protocol economics rather than through paper.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/what-is-a-network-token?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/what-is-a-network-token?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/what-is-a-network-token?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p><p></p>]]></content:encoded></item><item><title><![CDATA[Howey Lives (but barely)]]></title><description><![CDATA[&#167;4B and the new investment-contract-without-the-rest framework]]></description><link>https://davidlopezkurtz.substack.com/p/howey-lives-but-barely</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/howey-lives-but-barely</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Tue, 02 Jun 2026 16:08:48 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!fHg3!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>Perhaps the cleverest drafting move in the CLARITY Act is preserving Howey (SEC v. W.J. Howey Co., 328 U.S. 293 (1946)), in name while gutting it in effect. The bill never says Howey is overruled. It does not need to. The Senate substitute to H.R. 3633 (engrossed May 12, 2026) introduces a new &#167;4B of the Securities Act of 1933, added by &#167;102 of CLARITY, that takes the investment-contract concept as its routing rule and then immediately strips the consequences of investment-contract status away from the asset itself, away from the secondary market, and away from the most common distribution mechanics. Howey survives as a sorting test for which network tokens land in the &#8220;ancillary asset&#8221; bucket of the trichotomy Post #1 walked through. It does not survive as the Section 5 registration trigger it has been since 1946.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!fHg3!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!fHg3!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png 424w, https://substackcdn.com/image/fetch/$s_!fHg3!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png 848w, https://substackcdn.com/image/fetch/$s_!fHg3!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png 1272w, https://substackcdn.com/image/fetch/$s_!fHg3!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!fHg3!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png" width="712" height="478" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:478,&quot;width&quot;:712,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:548428,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/200315010?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!fHg3!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png 424w, https://substackcdn.com/image/fetch/$s_!fHg3!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png 848w, https://substackcdn.com/image/fetch/$s_!fHg3!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png 1272w, https://substackcdn.com/image/fetch/$s_!fHg3!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fffc7f139-c201-44a7-b00a-10e311cf3cc1_712x478.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>The post-2017 enforcement era ran on the assumption that Howey was the substantive trigger and registration was the consequence. SEC v. Telegram Group Inc., 448 F. Supp. 3d 352 (S.D.N.Y. 2020), and SEC v. LBRY, Inc., 639 F. Supp. 3d 211 (D.N.H. 2022), are the canonical cases on the originator-controlled side. The SEC&#8217;s 2019 Framework for &#8220;Investment Contract&#8221; Analysis of Digital Assets (April 3, 2019) and the Hinman speech (June 14, 2018) tried to draw a line that token-issuance is an investment contract today but the token, post-decentralization, is not. SEC v. Ripple Labs, Inc., 682 F. Supp. 3d 308 (S.D.N.Y. 2023), got there by judicial route, distinguishing institutional sales (investment contracts) from programmatic secondary-market sales (not investment contracts). CLARITY codifies the Ripple distinction and then goes further. The investment-contract finding is preserved at the transaction level for ancillary-asset distributions. The asset, the secondary market, and gratuitous distributions are all reset to non-security.</p><h4>The four-step rerouting</h4><p>Read &#167;4B(b) end to end and the architectural move is obvious. </p><ul><li><p>Paragraph (1) provides that the offer, sale, or distribution of an ancillary asset by, or caused by, an ancillary asset originator (including through an underwriter) is treated as an offer, sale, or distribution of an investment contract involving an ancillary asset, except with respect to a gratuitous distribution. So the originator&#8217;s primary distribution is statutorily deemed an investment contract. Howey&#8217;s four prongs are imported wholesale, but as a label rather than as a test. The label triggers no Section 5 obligation. It triggers the &#167;4B(d) disclosure menu and, if the issuer wants, the &#167;103 Regulation Crypto exemption.</p></li><li><p>Paragraph (2) of &#167;4B(b) does the real work. A network token is treated as a non-security for purposes of &#167;2(a)(1) of the Securities Act, &#167;3(a) of the Securities Exchange Act of 1934, &#167;2(a) of the Investment Company Act of 1940, &#167;202(a) of the Investment Advisers Act of 1940, &#167;16 of the Securities Investor Protection Act of 1970, and any state-law equivalent that is not also commodity-consistent. This is, functionally, a federal preemption of blue sky law as to network tokens, written into the asset definition. The investment-contract status of the offering does not infect the asset. Howey is a transaction test under &#167;2(a)(1), and &#167;4B(b)(2) simply reads &#167;2(a)(1) (and its sister provisions) out of the network-token analysis. The disqualifying-financial-rights carve-outs in &#167;4B(a)(7)(B), expanded by the &#167;105 rulemaking directive, route any token that looks too much like debt, equity, a liquidation claim, an interest-bearing instrument, or an investment-company interest back into ordinary securities treatment. Reves v. Ernst &amp; Young, 494 U.S. 56 (1990), and the family-resemblance test for notes thus retain bite, but only for the disqualifying-rights inquiry, not for network tokens that pass that gating screen.</p></li><li><p>Paragraph (3) is the Ripple codification. Secondary-market offers, sales, or distributions of a network token by any person are treated as not involving the offer, sale, or distribution of a security under the same suite of statutes. The limitation in &#167;4B(b)(3)(B) is structurally interesting and worth flagging. The secondary-market relief is unavailable if the network token was offered, sold, or distributed pursuant to the offer, sale, or distribution of a security by the originator or underwriter. Plain reading: if the originator chose to register the investment contract pursuant to which the token was issued, the secondary-market non-security treatment falls away. The bill thus penalizes the issuer who voluntarily registers. That is a clear structural choice in favor of the disclosure-only path. It is also a trap for foundations and other originators who, on advice of counsel, want belt-and-suspenders Section 5 registration. The price of belt-and-suspenders is losing secondary-market coverage for downstream holders.</p></li><li><p>Paragraph (4) creates a presumption that a gratuitous distribution, by itself, does not constitute an offer, sale, or distribution of a security under the same suite of statutes. The anti-fraud and anti-manipulation authorities of the SEC, the CFTC, and state regulators are preserved by &#167;4B(b)(4)(B). What &#167;4B(b)(4) actually accomplishes is far broader than the word &#8220;airdrop&#8221; suggests. The defined term &#8220;gratuitous distribution&#8221; in &#167;4B(a)(5) sweeps in self-staking, self-custodial staking with a third party, liquid staking (subject to administrative-or-ministerial-receipt constraints), custodial and ancillary staking services (subject to SEC rulemaking), programmatic and automated rules-based distributions, and a technology-neutral catch-all. That list, taken seriously, captures essentially every protocol-native issuance mechanism that has appeared in the last decade. LBRY&#8217;s holding that programmatic rewards constituted unregistered securities offers does not survive this paragraph in any practical sense, at least prospectively.</p></li><li><p>&#167;4B(b)(5) closes the loop with a procedural mechanism that runs against the issuer. The paragraph creates a rebuttable presumption that any network token is an ancillary asset (and therefore disclosure-triggering under &#167;4B(d)) unless the originator or a digital asset intermediary submits a written certification, supported by reasonable evidence, that the token is not an ancillary asset. The Commission has 60 days from submission to issue an objection, with deemed effectiveness thereafter. The structural choice is to put the burden on the issuer to demonstrate non-ancillary-asset status. The default is disclosure; the exit is a Commission vote that cannot be delegated to staff or to an individual Commissioner under &#167;4B(b)(5)(C)(iii)(II). That non-delegation requirement is deliberate. It forces the Commission to take public positions on close cases rather than retreating into staff no-action correspondence.</p></li></ul><p>Stack the five paragraphs and the Section 5 registration question for an originator-controlled network-token distribution dissolves into a &#167;4B(d) disclosure question. Howey survives in &#167;4B(b)(1) as the label for what the transaction is called. It is not asked whether Howey is satisfied (it is statutorily deemed satisfied for ancillary-asset distributions other than gratuitous ones). And nothing turns on the answer at the asset level.</p><h4>Disclosure where registration used to be</h4><p>The substantive obligation under CLARITY runs through &#167;4B(d), not Section 5. &#167;4B(c) triggers initial and periodic disclosure on the earlier of a public-offering distribution by the originator (whether under Regulation Crypto, an effective Section 5 registration statement, a &#167;3(b)(2) offering statement, or a &#167;4(a)(6) crowdfunding offering) or the first secondary-market distribution that constitutes a public offering in the &#167;4(a)(2) sense. Smaller offerings escape entirely. &#167;4B(c)(1)(B) excludes any offering where aggregate gross proceeds were $5 million or less during the 12 months following the first offer, or where the 12-month average daily aggregate trading value across U.S. spot markets is $5 million or less (both adjusted for inflation).</p><p>The disclosure menu itself is more capacious than the comparable Form 10 or Form S-1 line items, and more flexible. &#167;4B(d)(2)(A) requires basic corporate information: the experience of the originator, distribution history including price history, planned activities and anticipated costs to promote use and value of the asset, a going-concern statement from the CFO, ownership disclosures by &#8805;10 percent equity holders and senior management holding &#8805;5 percent of the asset, related-person transactions, and the current state and timeline for moving the distributed ledger system out from under coordinated control as defined by &#167;104. &#167;4B(d)(2)(B) layers on economic and technical information: a plain-English description of how the distributed ledger system functions, intended functionality and uses, total supply and emission schedule, governance and consensus mechanism, gratuitous-distribution recipients receiving more than 5 percent of total supply, external code audit information, custodial services available, and a technology description sufficient to permit independent verification of transaction history.</p><p>Financial statements are scaled. Under &#167;4B(d)(2)(A)(vii), originators who have distributed less than $25 million in gross proceeds need only reviewed financials; above that threshold, audited. There is no equivalent of the &#167;11 strict liability that attaches to registration statements, because &#167;103(d)(2)(A) explicitly provides that disclosures furnished under &#167;4B are not registration statements for purposes of &#167;11 of the Securities Act, nor are they deemed filed under the Exchange Act. The &#167;10b-5 and &#167;12(a)(2) channels are preserved by &#167;4B(h), and the &#167;103(d)(1)(A) recharacterization of disclosures as &#8220;prospectuses&#8221; for &#167;12(a)(2) purposes ensures rescission remedies for purchasers in Regulation Crypto offerings. Underwriter &#167;11 exposure, which has shaped the economics of public-offering practice since 1933, is simply not present in the &#167;4B regime. Whatever else CLARITY does, it removes the gatekeeper liability function the underwriter has played for ninety years.</p><p>&#167;4B(c)(4) is the offshore-originator solution. A digital asset intermediary may satisfy the &#167;4B(d) disclosure obligation in lieu of the originator, subject to allocation rules. The intermediary path is unavailable when the originator is U.S.-organized and the asset is offered domestically pursuant to Regulation Crypto, an effective Section 5 registration, a &#167;3(b)(2) offering statement, or a &#167;4(a)(6) crowdfunding offering. Translation: U.S. originators must own their own disclosure; offshore originators (or originators of tokens that arrived in U.S. markets by secondary-market migration rather than by primary offering) can outsource disclosure to the listing venue. The standard of liability under &#167;4B(c)(4)(C) is something less than strict: the intermediary cannot file disclosures containing material misstatements or omissions unless it did not know and could not have known of the defect in the exercise of reasonable care. Exchanges become disclosure conduits with diligence-based liability. The structural choice here is to let foreign-organized issuers exist in U.S. markets without forcing a U.S. domestication, but to push the costs of compliance onto the venue that wants to list the asset. Coinbase, Kraken, and Gemini become &#167;4B(d) filers for the long tail of foreign-originated tokens that trade on their platforms.</p><p>The &#167;4B(d)(2)(A)(xv) decentralization-roadmap requirement deserves attention as well. The originator must disclose the current state and timeline for development of the distributed ledger system, detailing if, how, and when the system and the related ancillary asset are intended to no longer be subject to coordinated control. That is an affirmative obligation to plan for the &#167;104 coordinated-control exit and to commit to reportable milestones. Practitioners drafting these disclosures should expect to be held to them. A roadmap filed in year one that bears no relation to the system&#8217;s posture in year three will look, at best, like a &#167;4B(h) misstatement candidate, and, depending on whether circular value flows or timing manipulation under &#167;4B(m)(2)(C) are also present, like a &#167;4B(m) evasion candidate.</p><p>&#167;4B(d)(3) provides the exit. A certification covered party (the originator, a subsidiary, a related person, or any entity in common control) may file a written certification, supported by reasonable evidence, that during the preceding 180 days no covered party has engaged in more than a nominal level of entrepreneurial or managerial efforts and that any such prior efforts were not a primary factor in determining the value of the ancillary asset. A &#167;104(d) certification (the coordinated-control exit) must also be effective. The Commission has 90 days from submission to issue a written notice of objection or non-objection. Silence means deemed approval under &#167;4B(d)(3)(B)(iv). Disclosure obligations terminate. This is the Hinman speech, codified, with a procedural backstop and a 90-day deemed-approval clock. It is also the practical end-state of the disclosure regime for any token that reaches a decentralized steady state: the originator files, periodically updates, and eventually certifies out.</p><h4>&#167;103 and the capped exemption</h4><p>Section 103 of CLARITY directs the SEC to adopt Regulation Crypto, a new exemption from Section 5 registration for offers, sales, and distributions of investment contracts involving ancillary assets. The exemption is capped at the greater of $50 million per calendar year (for up to four years) or 10 percent of the dollar value of outstanding ancillary assets. &#167;103(b)(1)(A). Total proceeds under Regulation Crypto across the life of the originator are capped at $200 million in the aggregate. &#167;103(b)(2). Both caps adjust for inflation under &#167;103(b)(3) and may be raised by the Commission on a two-year review cycle.</p><p>This is the back door, and it is narrow. A $1.7 billion Telegram-style raise (institutional pre-sales of SAFTs followed by a public launch of the network token) cannot fit through Regulation Crypto. It would have to take one of three other routes: registration of the investment contracts under Section 5 with a token-specific form, reliance on &#167;4(a)(2) (and the new digital-asset modernization rules under &#167;108 of CLARITY), or a &#167;4(a)(6) regulation crowdfunding offering as recharacterized by the bill. The point worth underlining for clients is that the &#167;103 cap is sized against the type of fundraising that produced the post-2017 enforcement cycle. Large pre-launch raises remain a registration question. Smaller raises, retroactive disclosure programs, and post-launch ongoing distributions are the constituency Regulation Crypto is sized for.</p><p>The &#167;103 conditions matter. &#167;103(c)(1) requires disclosures under &#167;4B(d) at least 30 days before the first Regulation Crypto offer, sale, or distribution. &#167;103(c)(2) imports the &#167;104 coordinated-control restrictions on related-person dispositions. &#167;103(c)(3)(A) excludes non-U.S.-organized originators, a meaningful change from current practice where offshore foundations regularly stand behind U.S. token distributions, and worth thinking through against the Wyoming DUNA and Marshall Islands DAO LLC frameworks. Bad-actor disqualifications under &#167;103(c)(3)(E) through (H) track Rule 506(d) and Rule 262 with a 10-year felony lookback for insider trading, embezzlement, cybercrime, money laundering, terrorism financing, and financial fraud. The &#167;103(d) status provision recharacterizes the disclosures: prospectus for &#167;12(a)(2), statement for &#167;17(a), &#167;10(b), and Rule 10b-5, not a registration statement for &#167;11 purposes, and not deemed filed under the Exchange Act.</p><p>The combined effect of &#167;4B and &#167;103 is to convert the registration question into a disclosure-and-cap question. Above $200 million in lifetime reliance, the issuer either registers under Section 5 (losing &#167;4B(b)(3) secondary-market coverage in the process per the &#167;4B(b)(3)(B) limitation) or uses another exemption, typically &#167;4(a)(2) for institutional pre-sales. Below $200 million, Regulation Crypto with &#167;4B(d) disclosure is the path. Both paths converge on the same &#167;4B(d) menu and the same &#167;4B(d)(3) exit.</p><h4>What&#8217;s left of Howey</h4><p>Howey now does three things in the network-token context. </p><ul><li><p>First, it sorts. The &#167;4B(a)(1) definition of &#8220;ancillary asset&#8221; requires that the value of a network token be dependent upon the entrepreneurial or managerial efforts of an ancillary asset originator or a related person, as those concepts are further specified by the Commission by regulation. That phrase is Howey&#8217;s fourth prong, lifted and repurposed as a classification criterion. Network tokens whose value does not depend on the entrepreneurial or managerial efforts of an originator are not ancillary assets. They live outside &#167;4B(d). Network tokens whose value does so depend are ancillary assets and trigger disclosure. Howey tells you which bucket the token sits in.</p></li><li><p>Second, Howey polices the disqualifying-financial-rights exclusions in &#167;4B(a)(7)(B). Any token that represents, gives the holder, or is substantially economically or functionally equivalent to a debt or equity interest, a liquidation right, an entitlement to a dividend or transfer of value from a person other than a decentralized governance system, or an investment-company interest, is excluded from network-token treatment and falls back into ordinary securities analysis. Howey, Reves, and the lineage of cases that runs through them remain dispositive for that gating screen. The drafting choice to vest the exclusion in &#8220;substantially economically or functionally equivalent&#8221; language ensures that this is where the major future contests will sit. Anti-evasion is reinforced in &#167;4B(m), which expressly contemplates the removal of a disqualifying financial right paired with reintroduction through a related-person vehicle (a foundation, a DAO, a laboratory) as evidence of willful evasion. The &#167;4B(m)(2)(C) factor list reads as if it were drafted with the post-2020 wave of foundation-and-protocol structures in mind.</p></li><li><p>Third, Howey lingers in &#167;4B(b)(1) as a label. An originator-controlled distribution of an ancillary asset is an offer, sale, or distribution of an investment contract involving an ancillary asset. That is a useful nominal fiction for &#167;12(a)(2) and Rule 10b-5 purposes. It is also useful for anti-fraud authority that travels with the investment-contract designation. But it has no Section 5 consequence, and the &#167;4B(b)(2) non-security treatment of the asset itself prevents the investment-contract label from infecting the token in secondary markets or on the books of any holder.</p></li></ul><p>The retroactive piece deserves a moment. &#167;4B(k)(1) bars the SEC and any private plaintiff from initiating, pursuing, or maintaining a &#167;5 or &#167;12(a)(1) action arising from pre-effective-date offers, sales, or distributions of ancillary assets, provided the originator (or certification covered party) complies with the &#167;4B(c)(3) transition disclosure obligations. Anti-fraud actions survive under &#167;4B(k)(2). Secondary-market pre-effective-date sales of network tokens are similarly retroactively cleansed under &#167;4B(k)(3). The Telegram, LBRY, Kik, and Coinbase backlog of Section 5 enforcement risk substantially dissolves on the effective date. The Ripple institutional-sale holding remains as to the historical liability the SEC obtained, but no future SEC enforcement of analogous conduct can build on it. The 2019 Framework is, in any event, formally superseded by the joint SEC-CFTC interpretation effective March 23, 2026 (Release Nos. 33-11412 and 34-105020), which expressly displaces the prior Framework and the Commission&#8217;s staff statements on related topics. The Hinman speech, never Commission policy in the first place, retains only historical interest. What &#8220;ancillary asset&#8221; and &#8220;entrepreneurial or managerial efforts&#8221; mean going forward will be developed through the &#167;4B(b)(5) prior-certification process, the &#167;4B(d)(3) ongoing-certification process, and the Commission&#8217;s eventual &#167;105 rulemaking, with the joint release&#8217;s analytical structure (essential managerial efforts as the operative concept, separation doctrine for when a non-security crypto asset ceases to be subject to an investment contract) as the relevant interpretive background.</p><p>Token offerings have moved from a registration question to a disclosure question. Howey still routes assets between the network-token bucket (disclosure regime) and the ordinary-securities bucket (registration regime), and still polices the disqualifying-financial-rights screen. But its central role in the digital-asset space since 2017, as the substantive trigger for Section 5 enforcement, is over. The structural questions that remain are no longer about whether Howey is satisfied. They are about whether the &#167;4B(b)(5) prior certification will issue, whether the &#167;4B(d)(3) exit certification will be granted, whether &#167;104 coordinated control has dissolved, whether &#167;4B(m) anti-evasion regulations will catch a particular structure, and whether the originator has correctly screened its instrument under &#167;4B(a)(7)(B). Those are good questions, and they will keep this practice busy for the next decade (but they are not Howey questions).</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/howey-lives-but-barely?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/howey-lives-but-barely?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/howey-lives-but-barely?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[The Architecture of CLARITY]]></title><description><![CDATA[How the Senate Substitute Remakes Digital-Asset (fka Crypto) Law]]></description><link>https://davidlopezkurtz.substack.com/p/the-architecture-of-clarity</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/the-architecture-of-clarity</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Tue, 26 May 2026 16:01:42 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!C5cn!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>The Senate substitute to H.R. 3633 &#8212; the engrossed amendment in the nature of a substitute introduced by Sen. Scott on May 12, 2026, that the Senate is now calling the &#8220;Digital Asset Market Clarity Act&#8221; &#8212; is 309 pages organized across nine titles. The first time you read it through, the impulse is to map it section by section: Title I for securities, Title II for BSA, Title III for DeFi, Title IV for banking, and so on. That reading is not wrong, but it misses the doctrinal architecture entirely. The bill&#8217;s most consequential moves are structural, not substantive. CLARITY does not abolish Howey. It does not promulgate a new test for what counts as an investment contract. It does not draw a bright-line rule between security and commodity that a court could apply on first principles. What it does &#8212; and what every practitioner working on a token launch, a DeFi protocol, a custody arrangement, or a bank&#8217;s digital-asset desk needs to understand before reading anything else &#8212; is route around the existing framework by overlaying a new statutory category on top of it and rerouting most of the consequences.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!C5cn!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!C5cn!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png 424w, https://substackcdn.com/image/fetch/$s_!C5cn!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png 848w, https://substackcdn.com/image/fetch/$s_!C5cn!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png 1272w, https://substackcdn.com/image/fetch/$s_!C5cn!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!C5cn!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png" width="1456" height="966" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:966,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1803057,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/198898620?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!C5cn!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png 424w, https://substackcdn.com/image/fetch/$s_!C5cn!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png 848w, https://substackcdn.com/image/fetch/$s_!C5cn!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png 1272w, https://substackcdn.com/image/fetch/$s_!C5cn!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4285cb7d-a561-45cc-9309-c9ea37d889f6_1575x1045.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>This post is the doctrinal scaffold for the series that follows. The thesis is straightforward and worth stating up front: CLARITY&#8217;s central innovation is the construction of a three-tier statutory regime &#8212; network token, ancillary asset, digital commodity &#8212; sitting atop the existing securities laws, paired with a fourth construct, the decentralized governance system, that operates as a separate legal person and refuses to be deemed an unincorporated association of its participants. The &#167;4B disclosure regime grafted onto the Securities Act of 1933 is what makes that three-tier scheme operational. Every other title in the bill &#8212; Title III&#8217;s DeFi line, Title IV&#8217;s bank-permissibility expansion, Title VII&#8217;s bankruptcy reform, Title VI&#8217;s developer protections &#8212; is downstream of this architecture. Reading CLARITY as a series of standalone subject-matter reforms will leave you confused about why pieces fit together the way they do. Reading it as a single doctrinal engine that classifies first and then routes consequences accordingly will not.</p><h4>The Trichotomy</h4><p>Start with the categories. CLARITY&#8217;s &#167;2 defines &#8220;digital commodity&#8221; by reference to the new &#167;1a of the Commodity Exchange Act added elsewhere in the bill; the Commission&#8217;s universe is everything that is digital, recorded on a distributed ledger system, and not a security. So far this is unremarkable &#8212; the categorical move is borrowed wholesale from the 2024 FIT21 framework. The novelty is in the further subdivision. A &#8220;network token,&#8221; defined in &#167;4B(a)(7) of the Securities Act as added by &#167;102, is a digital commodity &#8220;intrinsically linked to a distributed ledger system and that derives, or is reasonably expected to derive, its value from the use of such distributed ledger system.&#8221; A network token is, by statutory operation, &#8220;treated as a non-security solely for purposes of the Federal securities laws,&#8221; subject to a narrow set of disqualifying conditions discussed below. The *ancillary asset*, also defined in &#167;4B(a)(1), is the network token that has not yet reached maturity: a network token &#8220;the value of which is dependent upon the entrepreneurial or managerial efforts of an ancillary asset originator or a related person, as those concepts are further specified by the Commission by regulation.&#8221; The bill borrows the <em>Howey</em> vocabulary (entrepreneurial or managerial efforts) and uses it to mark the ancillary asset&#8217;s developmental phase rather than to determine whether the asset is a security at all.</p><p>In other words: every network token is potentially an ancillary asset in its infancy, and every ancillary asset is expected to mature into a fully decentralized network token whose value is no longer dependent on identifiable promoter effort. The bill builds in a rebuttable presumption to that effect in &#167;4B(b)(5): a network token is presumed to be an ancillary asset until the originator or a digital asset intermediary submits a certification, supported by reasonable evidence, &#8220;sufficient to demonstrate that the network token is not an ancillary asset.&#8221; The Commission has sixty days to object; absent an objection, the certification takes effect automatically. The presumption runs *toward* regulation, but the mechanics make graduation cheap and quick.</p><p>So, the CLARITY framework is doing exactly what the SEC&#8217;s 2019 Framework for &#8220;Investment Contract&#8221; Analysis of Digital Assets purported to do, and what former Director Hinman gestured at in his June 2018 speech at the Yahoo Finance All Markets Summit &#8212; except that the bill replaces a multi-factor evaluative framework with a statutory category whose entry and exit conditions are spelled out and whose default direction is non-security. Howey survives by name; its operational consequences for token markets do not. The maturity question &#8212; Hinman&#8217;s &#8220;sufficiently decentralized&#8221; intuition &#8212; becomes a structured certification with a sixty-day clock rather than a years-long enforcement-driven discovery of the answer.</p><h4>&#167;4B as Bolt-On</h4><p>The mechanism for routing consequences is Securities Act &#167;4B, inserted by &#167;102 of CLARITY immediately after &#167;4A (the JOBS Act&#8217;s crowdfunding section). &#167;4B(b) is where the doctrinal magic happens. Subsection (b)(1) provides that &#8220;the offer, sale, or distribution of an ancillary asset by, or caused by, an ancillary asset originator, including through an underwriter, shall be considered to be an offer, sale, or distribution of an investment contract involving an ancillary asset.&#8221; Read that carefully. The transaction is an investment contract. The transaction therefore implicates the Securities Act. But subsection (b)(2) immediately provides that the <em>network token itself</em> is &#8220;treated as a non-security&#8221; for purposes of &#167;2(a)(1) of the 1933 Act, &#167;3(a) of the 1934 Act, &#167;2(a) of the Investment Company Act, &#167;202(a) of the Advisers Act, and &#167;16 of SIPA. The bill carefully distinguishes between the transaction &#8212; which can be an investment contract &#8212; and the asset &#8212; which, even when it is the subject of an investment contract, retains its non-security status everywhere else in the federal securities laws.</p><p>The doctrinal upshot is that Section 5&#8217;s registration requirement applies to the transaction, but the analytic surface area shrinks dramatically because Section 5 compliance for ancillary asset transactions is achieved through the &#167;4B(d) disclosure menu rather than through the standard S-1/S-3/Reg A/Reg D pathway. &#167;103 lays out the exemption-and-rulemaking framework that makes this concrete: an ancillary asset offering meeting the disclosure conditions of &#167;4B(d) is exempt from registration, the Commission is directed to adopt implementing rules within 360 days, and the rulemaking must &#8220;tailor&#8221; the disclosure burdens to the technical and economic realities of distributed ledger systems. Practitioners who lived through the SEC&#8217;s no-action experience with the <em>Munchee</em> (DAO Order Sec. Act Release No. 81207 (July 25, 2017)), <em>Telegram</em> (SEC v. Telegram Grp. Inc., 448 F. Supp. 3d 352 (S.D.N.Y. 2020)), and <em>LBRY</em> (SEC v. LBRY, Inc., 639 F. Supp. 3d 211 (D.N.H. 2022)) line of cases will recognize what is happening: the registration question that those cases agonized over is rerouted into a disclosure question, and the disclosure question is given a finite scope.</p><p>Two further provisions complete the bolt-on. Subsection (b)(3) addresses the secondary market: the offer, sale, or distribution of a network token by *any person other than the originator or underwriter* is not the offer of a security under any of the federal acts or any &#8220;functionally equivalent&#8221; state law. This is the provision that, more than any other, kills the Reves v. Ernst &amp; Young, 494 U.S. 56 (1990), family-resemblance overhang for secondary trading. Subsection (b)(4) addresses gratuitous distributions: airdrops, staking rewards, validator rewards, liquid-staking issuance, and protocol-rules-based programmatic distributions are presumed not to be offers, sales, or distributions of a security. The taxonomy of &#8220;gratuitous distribution&#8221; in &#167;4B(a)(5) is broad enough to capture nearly every non-purchase token-acquisition mechanism &#8212; a taxonomy worth a standalone post (and getting one).</p><p>Anti-fraud authority is preserved expressly. &#167;4B(b)(4)(B) clarifies that nothing in the gratuitous-distribution presumption &#8220;may be construed to limit, impair, or otherwise affect the anti-fraud or anti-manipulation authorities of the Commission, the Commodity Futures Trading Commission, or a State regulator.&#8221; The same savings language reappears throughout the bill. Practitioners should not mistake CLARITY for a deregulation bill. It is a re-routing bill. The Commission&#8217;s &#167;10(b)/Rule 10b-5 jurisdiction over token markets is unaffected; the &#167;17(a) anti-fraud authority over offers and sales is unaffected; the New York Martin Act survives where consistent with the federal scheme. What changes is the registration overhang, not the anti-fraud floor.</p><h4>The Disqualifying-Financial-Rights Test</h4><p>The next layer of the architecture sits inside &#167;4B(a)(7)(B). To qualify as a network token &#8212; and therefore as a presumptive non-security at the asset level &#8212; a digital commodity must not bear any of four &#8220;disqualifying financial rights.&#8221; First, a security as that term is otherwise defined, or anything functionally equivalent to one. Second, an interest representing or substantially equivalent to a debt or equity interest, an option on such an interest, liquidation rights, or &#8220;an entitlement to, or a reasonable expectation of, an interest, dividend, or other payment, or direct or indirect transfer of value, from a person other than a decentralized governance system.&#8221; Third, an interest in a &#167;3(c)-excluded investment company. Fourth, an interest in a non-investment-company entity holding assets other than securities.</p><p>The third and fourth disqualifiers are largely housekeeping &#8212; they prevent the use of network-token wrappers to evade the Investment Company Act and its &#167;3(c)(1) and &#167;3(c)(7) carve-outs. The first is tautological. The doctrinal work is being done by the second, and specifically by the parenthetical &#8220;other than a decentralized governance system.&#8221; Read carefully: a token can confer &#8220;an entitlement to, or a reasonable expectation of, an interest, dividend, or other payment, or direct or indirect transfer of value&#8221; from a decentralized governance system without losing its network-token status. This means protocol-revenue-sharing tokens, fee-switch tokens, vote-escrow tokens, and similar mechanisms survive the test so long as the value flow runs *from* the DGS rather than from a centralized issuer or a related person. The doctrinal lever is the legal personhood of the DGS, which we get to in a moment.</p><p>A separate provision, &#167;105(a), instructs the Commission to adopt rules within one year confirming that a network token &#8220;shall not be considered as providing a disqualifying financial right&#8221; if its market value is &#8220;primarily derived, or is reasonably expected to be primarily derived, from a distributed ledger system or from the broader adoption and use of such a system&#8221; &#8212; including where the ledger collects, receives, accrues, or distributes consideration from network functioning; where the token provides governance capabilities; or where its value appreciates or depreciates due to network use or ancillary-asset-originator efforts. This rulemaking instruction collapses the most-litigated Howey prong &#8212; &#8220;efforts of others&#8221; &#8212; by deeming network-derived value to be non-disqualifying as a matter of statutory direction. The Commission has discretion in the rule&#8217;s particulars but not in the basic principle.</p><p>&#167;105(b)(2) adds what is probably the most consequential and least-discussed grandfather in the bill: a digital asset that was, on January 1, 2026, the principal asset of an exchange-traded product not registered under the Investment Company Act and listed on a national securities exchange is, by statutory operation, neither an ancillary asset nor a security. BTC and ETH receive this status automatically; any other token whose spot ETP was listed before the cutoff joins them. The asymmetry created is significant &#8212; a token *with* a spot ETP gets a regulatory free pass; a token *without* one has to clear the &#167;4B/&#167;105 maturity tests &#8212; and it creates an obvious incentive structure for issuers to push ETP listings onto national exchanges before the cutoff freezes the universe. That dynamic deserves its own post (and gets one in the queue).</p><h4>The Decentralized Governance System as a Separate Person</h4><p>The fourth structural element &#8212; and the one that does the most quiet doctrinal work &#8212; is the DGS construct. &#167;2(5) defines a &#8220;decentralized governance system&#8221; as, with respect to a distributed ledger system, any &#8220;transparent, rules-based system permitting persons to form consensus or reach agreement in the development, provision, publication, maintenance, or administration of the distributed ledger system, in which participation is not limited to, or under the control of, any person or group of persons under common control.&#8221; Subparagraph (B) is the key: &#8220;the decentralized governance system and any persons participating in the decentralized governance system shall be treated as separate persons unless those persons are under common control or acting pursuant to an agreement to act in concert.&#8221; Subparagraph (C) accommodates wrapper entities &#8212; a state-law decentralized unincorporated nonprofit association (Wyoming&#8217;s DUNA), a Marshall Islands DAO LLC, or analogous foreign-jurisdiction vehicles &#8212; so long as the entity does not operate &#8220;pursuant to centralized management&#8221; and provided that &#8220;the delegation of ministerial or administrative authority at the direction of the participants in a decentralized governance system shall not be construed to be centralized management.&#8221; Subparagraph (D) closes with a rule of construction: a DGS &#8220;shall not be deemed to be a person or a group of persons acting under common control&#8221; for purposes of the Act.</p><p>The construct is doing four things at once. First, it solves the entity-classification problem that the *Sarcuni v. bZx DAO*, 664 F. Supp. 3d 1100 (S.D. Cal. 2023), and *CFTC v. Ooki DAO*, No. 2:22-cv-05416 (N.D. Cal. 2023), courts grappled with &#8212; the question of whether a token-holder-governed protocol is, by virtue of its operation, a general partnership of its token holders with joint and several liability flowing from any actionable conduct. CLARITY says no, by statutory direction, so long as the participants are not under common control or acting in concert. Second, it preserves token-holder governance &#8212; voting, treasury management, parameter setting &#8212; without converting that participation into the kind of &#8220;common enterprise&#8221; that *Howey* and its progeny treat as evidence of a securities relationship. Third, it makes the &#8220;value flow from a DGS&#8221; carve-out in &#167;4B(a)(7)(B)(ii)(III) coherent &#8212; value can flow from the DGS to token holders without being treated as a distribution from a person, because the DGS and its participants are separate persons by statute. Fourth, it provides the doctrinal foundation for the &#167;301 DeFi carve-out, which uses the same construct to draw the line between a &#8220;decentralized&#8221; and a &#8220;non-decentralized&#8221; trading protocol.</p><p>The construct is not unlimited. Subparagraph (B) preserves the common-control and acting-in-concert exceptions; subparagraph (C) excludes wrappers operated pursuant to centralized management. Practitioners structuring DAOs in CLARITY&#8217;s wake should expect a body of Commission rulemaking and eventual enforcement on the boundary between ministerial delegation (preserved) and centralized management (disqualifying). The drafting is sound enough that the boundary should be administrable, but it is not self-executing.</p><h4>Coordinated Control and the 49% Test</h4><p>&#167;104 puts operational teeth on the DGS construct by defining &#8220;coordinated control&#8221; as the disqualifying condition for ancillary-asset status. The Commission is directed to adopt rules implementing five indicia: (A) the protocol and any distributed-ledger applications are open-source and publicly available; (B) no person or common-control group has unilateral authority to censor, restrict, or grant preferential treatment via system operation or hard-coded source-code privileges; (C) no person or common-control group has beneficial ownership of more than 49% of outstanding token units or 49% of governance voting power; (D) the system has reached an autonomous state &#8212; no person has unilateral authority to alter functionality or consensus rules; (E) economic independence &#8212; the value-accrual mechanisms intended to flow consideration to the ancillary asset are functional.</p><p>The 49% threshold is the only hard number in the entire decentralization framework, and it is doing a great deal of work. Token-supply concentration and governance-vote concentration are both captured (the test is disjunctive &#8212; either trips it), and &#8220;beneficial ownership&#8221; is the operative metric, which means scoped grants, vesting schedules, lockups, custody arrangements, and trust structures will all need to be analyzed for ownership-attribution purposes. The Commission has discretion in the precise rules of construction (the bill says the Commission &#8220;shall consider&#8221; the criteria) but not on the 49% number, which is hard-coded.</p><p>&#167;104(b)(3) provides safe harbors. Subparagraph (B) reaffirms that a DGS is not a person or common-control group for &#167;104 purposes. Subparagraph (C) is the cybersecurity emergency-measure safe harbor: a pre-defined, temporary, rules-based emergency measure exercised by an incident response or security council exclusively in response to a documented cybersecurity incident or imminent threat, pursuant to publicly disclosed on-chain authorization mechanisms, that is strictly limited in scope and duration and exercised without unilateral control by any single person, does not by itself constitute common control or acting in concert. This is a thoughtful drafting concession to the realities of protocol governance &#8212; most major DeFi protocols maintain emergency-pause multisigs, and CLARITY explicitly preserves them as compatible with decentralization status.</p><h4>The &#167;301 Line and the Rest of the Architecture</h4><p>The DGS construct and the coordinated-control test repeat themselves in &#167;301, which applies the same logic to DeFi trading protocols. A &#8220;decentralized finance trading protocol&#8221; is defined as a distributed ledger system through which participants execute transactions via predetermined non-discretionary automated rules without third-party custody. A &#8220;non-decentralized&#8221; version is one in which (i) a person or common-control group has authority to control or materially alter functionality, (ii) execution is not based solely on source-code-encoded rules, or (iii) someone has censorship authority. &#167;301(a)(2)(C) carves out from the &#8220;non-decentralized&#8221; classification a long list of activities that should not be deemed control: compiling, relaying, searching, sequencing, validating, oracle services, computational work, bandwidth provision, and participation in security councils. The activity carve-outs are practitioner gold and merit a standalone post, but the architectural point for this post is that &#167;301 reuses the same DGS-separate-person logic and the same control-versus-non-control distinction that &#167;104 establishes. The trading-protocol layer is just the trading-protocol analog of the asset-classification layer.</p><p>The same architectural through-line runs through Title IV (banking) and Title VII (bankruptcy). &#167;401 authorizes national banks, FHCs, federal credit unions, and (by parity) state banks to perform the full menu of digital-asset activities &#8212; custody, staking, lending, principal market-making, dealing, payment, brokerage, derivatives &#8212; and bootstraps those activities into &#8220;the business of banking&#8221; under 12 U.S.C. &#167; 24 Seventh. The list is fourteen items long and explicitly excludes nonfungible assets. &#167;401(h) eliminates prior-notice and approval requirements outside the existing organic banking statutes. This is the statutory equivalent of, and significantly broader than, the OCC&#8217;s 2020&#8211;21 Interpretive Letter 1170/1172/1174 sequence (modified by IL 1179 to reinstate prior approval). For a chartered institution, the universe of permissible digital-asset activity goes from contested-and-conditional to expressly enumerated.</p><p>&#167;701 then pulls ancillary assets and digital commodities into the Subchapter III stockbroker liquidation regime of Chapter 7 of the Bankruptcy Code. Ancillary assets are added to 11 U.S.C. &#167; 741&#8217;s customer-property definitions, and digital commodity transactions are designated commodity contracts for purposes of the safe-harbor provisions (&#167;&#167; 362, 546(e), 553, 556, 561, 562). The doctrinal point &#8212; and the through-line back to &#167;4B &#8212; is that CLARITY treats ancillary assets as quasi-securities for customer-property and bankruptcy-safe-harbor purposes while treating them as non-securities for offering, trading, and reporting purposes. That asymmetry is not an oversight. It is the structural choice the bill is making: protect customers as if they hold investment property, but classify the property itself out of the registration regime.</p><h4>What this Means in Practice</h4><p>The practical consequences of the architecture, before we get into the standalone deep dives that follow in this series, are five.</p><p>First, the classification question becomes a routing decision rather than a legal conclusion. The question every issuer&#8217;s counsel will ask is no longer &#8220;is this an investment contract&#8221; but &#8220;is this a network token, an ancillary asset, or something else.&#8221; The first two categories are presumed non-securities at the asset level even when the originating transaction is a &#167;4B(b)(1) investment contract; the third &#8212; anything that fails the network-token test, including any token with disqualifying financial rights &#8212; remains a security subject to the full *Howey* analysis and the standard registration/exemption framework.</p><p>Second, the registration question shrinks. Ancillary-asset offerings clear &#167;4B(d) disclosure rather than full &#167;5 registration. Secondary-market trading of network tokens is non-securities trading. Gratuitous distributions are presumed non-securities events. The compliance surface for token issuance is meaningfully smaller and more predictable. The compliance surface for fraud and manipulation is unchanged.</p><p>Third, DAO and protocol structuring becomes a structured exercise. The DGS construct, the 49% test, and the &#167;301 carve-outs together provide a checklist for assessing whether a given arrangement clears the decentralization bar. Wyoming DUNA wrappers, Marshall Islands DAO LLCs, and similar vehicles are accommodated. Multisig emergency councils are accommodated. What is not accommodated is centralized management masquerading as decentralized governance.</p><p>Fourth, custody and intermediary regulation becomes activity-based. &#167;301(c) requires the SEC to determine intermediary-registration consequences &#8220;only with respect to securities-related activities, based on the functions performed by the controlling person or group of persons, &#8230; without regard to technological form, distributed architecture, or purportedly decentralized characterization.&#8221; The bill is explicit that decentralization rhetoric is not a defense to control-in-fact; conversely, the absence of control is a defense regardless of decentralization rhetoric.</p><p>Fifth, every consequence flows from the classification. Banking permissions, bankruptcy treatment, BSA obligations, broker-dealer registration, anti-fraud reach &#8212; all turn on whether the asset is a digital commodity, ancillary asset, network token, security, or payment stablecoin. The five-way taxonomy is the bill&#8217;s organizing principle. Read every other title with that taxonomy in front of you and the structure resolves.</p><h4>What this Series Will Cover</h4><p>The posts that follow this one will work through the architecture in the order it was built. Next up: the &#167;4B disclosure regime in detail &#8212; how the bill keeps *Howey* nominally while draining it of consequence &#8212; and the &#167;4B(a)(7) disqualifying-financial-rights test that determines who is in the network-token category in the first place. After that: the &#167;104 coordinated-control test and the 49% threshold; the DGS construct and the *Sarcuni*/*Ooki* overrule; the &#167;301 DeFi line; the &#167;401 bank-permissibility expansion; the &#167;701 bankruptcy reform; the &#167;404 stablecoin yield prohibition and its activity-rewards loophole; the &#167;602 NFT safe harbor; the &#167;505 tokenization-parity rule. Toward the end of the series, the contrarian posts: the &#167;105(b)(2) ETF grandfather and the regulatory-arbitrage incentive structure it creates; what CLARITY pointedly does not address (tax, ERISA, residual CFTC jurisdiction); and the &#167;904 Build Now Act housing rider that found its way into a digital-asset market-structure bill.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/the-architecture-of-clarity?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/the-architecture-of-clarity?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/the-architecture-of-clarity?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[Control Is the New Possession]]></title><description><![CDATA[New York (Finally) Enacts UCC Article 12]]></description><link>https://davidlopezkurtz.substack.com/p/control-is-the-new-possession</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/control-is-the-new-possession</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Fri, 22 May 2026 21:28:16 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!zgfP!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>On December 5, 2025, New York Governor Hochul signed Senate Bill S1840-A into law, making New York the 35th U.S. jurisdiction to enact the 2022 Amendments to the Uniform Commercial Code. The Revised UCC takes effect on June 3, 2026, with a one-year grace period that runs to June 3, 2027. [1] The team at Cahill put out a <a href="https://www.cahill.com/">really clean client alert</a> on the enactment that I&#8217;d recommend to anyone who wants the full doctrinal walkthrough. Lewis in particular has been one of the more reliably thoughtful voices on crypto commercial law for a decade, and the alert is a good tour of the mechanics.</em> </p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!zgfP!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!zgfP!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png 424w, https://substackcdn.com/image/fetch/$s_!zgfP!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png 848w, https://substackcdn.com/image/fetch/$s_!zgfP!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png 1272w, https://substackcdn.com/image/fetch/$s_!zgfP!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!zgfP!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png" width="1456" height="801" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:801,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2011208,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/198897957?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!zgfP!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png 424w, https://substackcdn.com/image/fetch/$s_!zgfP!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png 848w, https://substackcdn.com/image/fetch/$s_!zgfP!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png 1272w, https://substackcdn.com/image/fetch/$s_!zgfP!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F39e3c3b2-d89b-4382-826a-58973baeaec5_1546x850.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>My goal here is not to re-tread their ground but to build on it: to explain what the Revised UCC actually <em>fixes</em>, where the sharp edges still are, and what people should do. The short version is this: commercial law has been groaning under the weight of 2020s asset classes shoehorned into 1950s concepts. New York finally fixed the plumbing. Now the rest of us get to work out what flows through it.</p><p>To appreciate what the Revised UCC accomplishes, it helps to remember what secured lending against crypto collateral actually looked like under the pre-Amendments regime.</p><p>If your borrower pledged a bunch of Ether, your options were ugly. Ether isn&#8217;t a &#8220;deposit account,&#8221; isn&#8217;t &#8220;investment property&#8221; (because it isn&#8217;t a security held through a securities intermediary), isn&#8217;t &#8220;chattel paper,&#8221; isn&#8217;t &#8220;money&#8221; in any conventional sense, and isn&#8217;t a &#8220;negotiable instrument.&#8221; Practitioners mostly settled on classifying it as a &#8220;general intangible&#8221; under Article 9 and perfecting by filing a UCC-1 financing statement against the debtor. That worked, sort of, for some purposes. But it created two problems that never really went away.</p><p>First, there was no concept of <em>negotiability</em> for crypto. If someone bought Bitcoin from your borrower on the secondary market, that purchaser took the coins subject to your lien forever. There was no holder-in-due-course doctrine, no take-free rule, nothing to cleanse the asset of prior claims as it changed hands. A motivated secured party could, in theory, chase the collateral through ten wallets and claim it back from an innocent purchaser. That&#8217;s not how functioning financial markets work. It&#8217;s how a legal opinion ends with &#8220;we are unable to opine&#8221; and the deal falls apart.</p><p>Second, the idea of <em>control</em>, which the UCC already used for deposit accounts, investment property, and electronic chattel paper, had no analog for blockchain-native assets. You couldn&#8217;t perfect a security interest in Bitcoin by taking the private key. Or rather, you could, in the sense that operationally you would control the coins, but the UCC didn&#8217;t bless that approach with priority rules, and a later-filing party might still leapfrog you.</p><p>The upshot is that secured lending against digital assets has, for the last several years, been either overcollateralized, overengineered, or both. Credit facilities against crypto collateral routinely use custodial arrangements with negotiated contractual priorities, belt-and-suspenders UCC filings, and legal opinions that qualify themselves into unreadability. It works, but it&#8217;s expensive, it&#8217;s inconsistent across transactions, and it presumes a court someday won&#8217;t take a dim view of the whole arrangement.</p><h4><strong>What Article 12 Actually Does</strong></h4><p>The Revised UCC does four things that matter. It creates a new asset class, defines a perfection method tailored to that asset class, imports negotiability-style take-free rules, and sets a choice-of-law default.</p><p><strong>The new asset class: Controllable Electronic Records.</strong> Section 12-102(a)(1) defines a &#8220;controllable electronic record&#8221; (CER) as a record stored in an electronic medium that can be subjected to &#8220;control.&#8221; The definition is intentionally broad and technology-neutral. It plausibly covers Bitcoin and Ether, GENIUS Act payment stablecoins, DeFi receipt tokens (LP tokens, vault shares, liquid staking tokens), NFTs, tokenized real-world assets, tokenized off-chain loan obligations, and more. Importantly, &#8220;investment property&#8221; is carved out, so tokenized securities remain in the Article 8 regime, but parties can <em>elect</em> to treat a CER as an Article 8 &#8220;financial asset&#8221; if it&#8217;s held through a securities intermediary. [2]</p><p>CERs can also carry &#8220;tethered&#8221; payment rights as &#8220;controllable accounts&#8221; and &#8220;controllable payment intangibles&#8221; (CPIs). Together, the three categories (CERs, controllable accounts, and CPIs) form the &#8220;Digital Assets&#8221; universe under the Revised UCC.</p><p><strong>The perfection method: Article 12 Control.</strong> Section 12-105 defines when a person has &#8220;control&#8221; of a CER. The three elements are (i) the power to avail oneself of substantially all the benefit from the CER, (ii) the <em>exclusive</em> power to prevent others from doing the same <em>and</em> to transfer control to another person, and (iii) the ability to readily identify oneself as having those powers.</p><p>That&#8217;s statute-speak for something pretty simple: control means you hold the keys, you can spend the coins, you can keep others from spending them, and the system (whether that&#8217;s a blockchain, a custodian&#8217;s internal ledger, or a vault-and-registry combo) lets you prove it&#8217;s you.</p><p><strong>Take-free rules for qualifying purchasers.</strong> Section 12-104 brings holder-in-due-course doctrine to CERs. A &#8220;qualifying purchaser&#8221; (i.e., someone who obtains control of the CER &#8220;for value, in good faith, and without notice of a claim of a property right&#8221; in it) takes the CER free of prior property claims. [3] The rule is exactly what&#8217;s been missing from the crypto secondary market: a legal basis on which buyers can acquire digital assets <em>cleansed</em> of prior liens, just like a negotiable instrument transferee.</p><p><strong>Choice-of-law default.</strong> Section 12-107 sets up a choice-of-law waterfall. Parties can expressly designate a jurisdiction as the CER&#8217;s jurisdiction (as long as that jurisdiction has enacted the Amendments); if they don&#8217;t, the CER&#8217;s own &#8220;system&#8221; rules apply; and if that fails, the District of Columbia is the residual default.</p><p>Together these four moves turn Digital Assets from legal orphans into a proper asset class with a perfection regime, a priority scheme, and a transfer doctrine. That is not nothing.</p><h4><strong>Control, Properly Understood</strong></h4><p>The most consequential piece of Article 12 for Web3 practitioners is the control concept, because it finally reconciles commercial law with the actual architecture of digital asset custody.</p><p>The statute is drafted to be technology-neutral, which means Article 12 Control can be established through a lot of different arrangements:</p><ul><li><p>A custodian holding the assets in a pooled omnibus structure, so long as the custodian can identify the position as held for the purchaser.</p></li><li><p>An electronic vault or e-registry (think the MERS&#174; eRegistry system for e-Notes) where the system guarantees a unique authoritative copy and exclusive controller rights.</p></li><li><p>A self-custodied wallet, where the purchaser holds the private keys directly.</p></li><li><p>A multisig arrangement, which is the one I want to spend a minute on.</p></li></ul><p><strong>Multisig does not defeat exclusivity.</strong> This was a genuine open question before the Amendments, and the resolution is correct. Under &#167; 12-105(b)(2) and Official Comment 5, the exclusivity requirement is not defeated if power is shared with other persons, even if any party can act unilaterally, so long as the person seeking to establish control is not dependent on another person&#8217;s concurrent exercise of power. Translation: a 2-of-3 Safe where you hold one signer and a co-signer can act with either of the other two still lets you satisfy the control test, provided you can act on your own. If the arrangement required your signature plus someone else&#8217;s, you&#8217;d lose exclusivity on your own but might still have it jointly.</p><p><strong>Smart-contract liquidation does not defeat control.</strong> This is the one I think DeFi builders should have tattooed on their forearms. Under &#167; 12-105(b)(1), exclusivity is not impaired when control is limited by &#8220;a protocol programmed to cause a change, including a transfer or loss of control.&#8221; Official Comment 5 uses exactly this rationale: &#8220;a transfer of control resulting from a program that is a part of a system&#8217;s protocol is inherent in the controllable electronic record and does not impair the exclusivity of the power of the person in control of the record.&#8221;</p><p>That means if your collateral is sitting in a decentralized lending protocol and the smart contract is programmed to liquidate the position upon a health-factor breach, you can still have Article 12 Control of the collateral for UCC purposes. The protocol&#8217;s automated transfer doesn&#8217;t kill your control any more than the possibility of a bank&#8217;s setoff right kills your control over a deposit account. That clarification matters enormously for lending-against-DeFi-positions structures and for any credit arrangement where collateral lives inside a protocol rather than a custodian&#8217;s cold storage.</p><p><strong>Indirect control through another person.</strong> Section 12-105(e) lets a party have control <em>through</em> another person who acknowledges holding for them. Practically, this enables the collateral agent pattern that structured credit transactions already use for other asset classes: a third-party custodian holds the keys, acknowledges holding for the secured party, and the secured party is perfected by control.</p><p>This is the architecture that institutional crypto lending has already been building toward with qualified custodians, tri-party arrangements, and contractual priorities. Article 12 now provides the statutory backbone those arrangements have been missing.</p><h4><strong>Take-Free </strong></h4><p>If Article 12 Control is the piece practitioners will talk about, the take-free rules are the piece they <em>should</em> be talking about. Import holder-in-due-course doctrine into the crypto market and the consequences ripple outward in ways that haven&#8217;t fully registered yet.</p><p>The rule, again, is that a qualifying purchaser of a CER (for value, in good faith, without notice) takes the CER free of competing property claims. [4] Two points on top of that are worth underlining.</p><p><em>First</em>, the Revised UCC expands the &#8220;filing is not notice&#8221; rule to make clear that a filed UCC-1 financing statement does not, by itself, constitute notice to a qualifying purchaser of a CER. [5] This is a significant shift - previously, a secured party could file a UCC-1 and rely on constructive notice to defeat later purchasers. Under Article 12, that constructive notice doesn&#8217;t reach CER purchasers. If you want to bind a later purchaser of Bitcoin to your lien, filing is not enough: you have to prevent them from becoming a qualifying purchaser, which really means you need to take control yourself.</p><p><em>Second</em>, the take-free rule has a carve-out for CERs that represent off-chain interests. If the CER evidences an interest in an underlying asset (e.g., a token that represents a claim to a real-world asset held in a SPV) the qualifying purchaser takes the CER free of claims on the CER itself, but takes the <em>underlying interest</em> subject to existing property claims on that underlying. [6] For CERs with controllable payment rights tethered to them, the take-free protection extends to those payment rights. For CERs without any tethered interests (e.g., Bitcoin) the full take-free applies. <em>See</em> Uniform Commercial Code Amendments (2022), Prefatory Note to Article 12, Comment 3 (applying the qualifying purchaser standard to a hypothetical Bitcoin transaction).</p><p>What this means in practice: Bitcoin is now treated, for property-law purposes, closer to the way negotiable bearer paper has historically been treated. A tokenized real-world asset is closer to a bill of lading: the token cleanses, but only as to the token. And a stablecoin representing a dollar claim against an issuer gets take-free protection on the CER <em>and</em> the payment right, which is basically exactly the cash-like treatment the stablecoin industry has been asking for.</p><h4><strong>Control &gt; Filing</strong></h4><p>Under the Revised UCC, a security interest in a CER can still be perfected by filing. But Section 9-326A makes clear that a security interest perfected by Article 12 Control takes priority over one perfected by filing <em>even if the filing pre-dated the control</em>. [7] When two secured parties both have control, Section 9-322(a)(1)&#8217;s first-to-file-or-perfect rule decides priority. [8]</p><p>For leveraged finance, this is a real change. A syndicated credit agreement with an &#8220;all assets&#8221; security package and a filed UCC-1 no longer automatically has senior position on crypto collateral. A later lender who takes Control (e.g., through a tri-party custodial arrangement) <em>leapfrogs</em> the earlier filer.</p><p>If you work on leveraged credit facilities for companies that might hold CERs (and that increasingly means any company, not just the obvious ones, but treasury departments have been quietly accumulating BTC since 2021), you have a documentation problem to solve in the next twelve months:</p><ol><li><p>Audit existing facilities to see whether the borrower has CERs that your UCC-1 nominally covers but that a later Control-based lien could jump over.</p></li><li><p>Expand control agreement requirements, or at least blocked-wallet / custodial acknowledgment concepts, to cover CERs the borrower may hold.</p></li><li><p>Consider the Article 8 election. If the CERs are held through a securities intermediary, parties can elect to treat them as &#8220;financial assets&#8221; and perfect by securities account control agreement, which is a familiar playbook that doesn&#8217;t require climbing the Article 12 learning curve. [9]</p></li></ol><h4><strong>Electronic Money and the Stablecoin Question</strong></h4><p>The Amendments create a new collateral category &#8220;electronic money&#8221; defined as a medium of exchange authorized or adopted by a domestic or foreign government in electronic form. Central bank digital currencies would fit. The digital form of existing sovereign money (think a future Fed-authorized tokenized dollar) would fit. Payment stablecoins issued under the GENIUS Act would <em>not</em> fit this definition, because GENIUS Act stablecoins are issued by licensed private issuers, not governments; they are more naturally CERs with tethered payment rights.</p><p>For electronic money, the perfection rules are similar to those for CERs, with one important twist: a security interest in electronic money can <em>only</em> be perfected by control, not by filing. The only exception is when the electronic money constitutes identifiable cash proceeds of other collateral. If a CBDC ever arrives in the U.S. (which, per the current administration&#8217;s position, it very much won&#8217;t) this is the regime that would govern credit transactions collateralized by it.</p><p>For the stablecoin question, the more immediate and practical point is that Article 12 finally gives GENIUS Act payment stablecoins the commercial-law treatment their economics have always demanded. A well-structured payment stablecoin is a CER with a controllable payment intangible tethered to it. The qualifying purchaser takes free of competing claims on both the token and the redemption right. That is, legally, exactly how cash works. It&#8217;s the treatment the stablecoin industry has been pushing toward for years without having a statute that unambiguously delivered it.</p><h4><strong>The Choice-of-Law Trap</strong></h4><p>The most underappreciated risk in the whole regime is the choice-of-law trap.</p><p>As of April 2026, 34 jurisdictions have enacted the 2022 Amendments, and seven more (Alaska, Maryland, Massachusetts, Mississippi, Ohio, South Carolina, and Tennessee) have introduced legislation. That still leaves a meaningful number of states that have not adopted and have not introduced. A court sitting in one of those states, applying its own choice-of-law rules, might conclude that no jurisdiction&#8217;s version of Article 12 governs, and treat the CER as a mere &#8220;general intangible&#8221; under the pre-Amendments framework, without the take-free rules, without Control-based perfection, without the super-priority doctrine.</p><p>That&#8217;s a bad outcome, especially if you&#8217;re a qualifying purchaser who thought you took clean title, or a Control-based secured party who thought you had priority over an earlier filer.</p><p>The mitigation strategy is threefold, and it&#8217;s what practitioners should be inserting into every CER-touching deal now:</p><ul><li><p>Designate an enacting state as the CER&#8217;s jurisdiction under Section 12-107(c). New York is the obvious candidate for financial deals, since the financial contracts market is already predominantly New York-law governed.</p></li><li><p>Choose an enacting state&#8217;s law as the governing law of the underlying agreement.</p></li><li><p>Consider forum selection clauses that keep disputes in courts that have adopted the Amendments.</p></li></ul><p>None of this perfectly eliminates the risk, because a forum court is not bound to honor choice-of-law elections if it decides the relevant question is one of property rather than contract. But it substantially reduces the surface area, and it&#8217;s cheap to do.</p><p><em>The Revised UCC takes effect on June 3, 2026. The grace period runs through June 3, 2027.</em></p><p>[1] <em>See</em> N.Y. U.C.C. Law &#167;&#167; 12-101 et seq.</p><p>[2] N.Y. U.C.C. Law &#167; 8-102(a)(9)(iii).</p><p>[3] N.Y. U.C.C. Law &#167; 12-102(a)(2).</p><p>[4] N.Y. U.C.C. Law &#167; 12-104(e), (g)-(h).</p><p>[5] N.Y. U.C.C. Law &#167; 9-331(c).</p><p>[6] N.Y. U.C.C. Law &#167; 12-104(f).</p><p>[7] N.Y. U.C.C. Law &#167; 9-326A.</p><p>[8] <em>See</em> Uniform Commercial Code Amendments (2022) &#167; 9-326A cmt. 2.</p><p>[9] N.Y. U.C.C. Law &#167;&#167; 8-102(a)(9)(iii), 8-106(d).</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/control-is-the-new-possession?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/control-is-the-new-possession?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/control-is-the-new-possession?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[Between "Front-End" and "Broker"]]></title><description><![CDATA[What the New UI Provider Statement Means for DeFi]]></description><link>https://davidlopezkurtz.substack.com/p/between-front-end-and-broker</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/between-front-end-and-broker</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Wed, 15 Apr 2026 17:01:48 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!7h7K!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>On April 13, 2026, the SEC&#8217;s Division of Trading and Markets released a staff <a href="https://www.sec.gov/newsroom/speeches-statements/staff-statement-regarding-broker-dealer-registration-certain-user-interfaces-utilized-prepare-staff-statement-regarding-broker-dealer-registration-certain-user-interfaces-utilized">statement </a>that crypto practitioners have been waiting on for the better part of a year: formal guidance on when a user-facing interface that facilitates crypto asset securities transactions can operate *without* registering as a broker-dealer under Section 15(a) of the Securities Exchange Act of 1934. The short version: if your platform is a neutral tool (no custody, no advice, no discretion, no funny business with fees) the staff won&#8217;t recommend enforcement. For five years. Maybe.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!7h7K!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!7h7K!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png 424w, https://substackcdn.com/image/fetch/$s_!7h7K!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png 848w, https://substackcdn.com/image/fetch/$s_!7h7K!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png 1272w, https://substackcdn.com/image/fetch/$s_!7h7K!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!7h7K!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png" width="401" height="444" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:444,&quot;width&quot;:401,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:372651,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/194124607?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!7h7K!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png 424w, https://substackcdn.com/image/fetch/$s_!7h7K!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png 848w, https://substackcdn.com/image/fetch/$s_!7h7K!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png 1272w, https://substackcdn.com/image/fetch/$s_!7h7K!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F25dfbb40-8833-463d-a4de-c584edac7fed_401x444.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><h4>What Problem Is This Solving?</h4><p>Under the Exchange Act, a &#8220;broker&#8221; is &#8220;any person engaged in the business of effecting transactions in securities for the account of others.&#8221; 15 U.S.C. &#167; 78c(a)(4)(A). Courts have interpreted &#8220;effecting transactions&#8221; broadly &#8212; routing orders, soliciting trades, handling funds, and providing transaction-related advice can all trigger registration obligations. [1] </p><p>The problem for crypto is that the line between &#8220;software tool&#8221; and &#8220;broker&#8221; has been unclear (to say the least). A non-custodial wallet that integrates a swap aggregator, a DEX front-end that routes trades across multiple liquidity pools, an app that compares execution venues for token trades - each of these <em>could</em> be characterized as &#8220;effecting transactions&#8221; under a sufficiently aggressive reading of existing caselaw.</p><p>The Crypto Task Force roundtables and written submissions throughout late 2025 and early 2026 surfaced this issue repeatedly. The Blockchain Association&#8217;s April 6, 2026, comment letter put it bluntly: providers of non-custodial wallet interfaces and DEX front-ends that neither control customer assets nor perform core trading functions are not securities intermediaries. The staff appears to have listened.</p><h4>The &#8220;Covered User Interface Provider&#8221; Framework</h4><p>The statement introduces the concept of a &#8220;Covered User Interface Provider&#8221; - an entity that operates a website, mobile application, or browser-based tool that helps users prepare and transmit crypto asset securities transactions through self-custodial wallets. The staff&#8217;s position is that such a provider need not register as a broker-dealer, provided it satisfies a detailed set of conditions.</p><p>I want to emphasize: this is a staff statement, not a Commission-level rule or interpretation. It is not legally binding. It doesn&#8217;t create rights or obligations enforceable in court. That said, what it does do is signal that the Division of Trading and Markets won&#8217;t recommend enforcement action against providers that color inside these lines. That matters (think of it as the practical equivalent of a conditional no-action position) but it&#8217;s a different animal from the Joint Interpretation the SEC and CFTC issued on March 17, which was a formal Commission action binding on both agencies. [2] </p><h4>The Conditions: Seven Pillars of Neutrality</h4><p>The conditions break down into roughly seven categories. Each is independently necessary. Miss one, and you&#8217;re back in broker-dealer territory.</p><ol><li><p><strong>No Recommendations, No Solicitation.</strong> The provider cannot recommend specific trades, suggest particular crypto asset securities, or solicit transactions. The interface must function as a passive tool through which users make their own decisions about what to buy, sell, or swap, in what quantity, and at what price.</p></li><li><p><strong>User Retains Full Control.</strong> The user must control all trade parameters &#8212; price, size, timing, execution preferences. The interface cannot override, modify, or constrain user choices in ways that reflect the provider&#8217;s judgment about what&#8217;s best for the user. Self-custody is assumed throughout.</p></li><li><p><strong>Objective Presentation of Options.</strong> If the interface displays multiple execution routes or venues, it must sort or filter them using objective, pre-disclosed criteria: price, speed, fee amount, liquidity depth. The provider cannot label any route as &#8220;best,&#8221; &#8220;preferred,&#8221; or &#8220;recommended.&#8221; No subjective characterizations, no editorial overlay.</p></li><li><p><strong>Fee Neutrality.</strong> Fees must be fixed, transparent, and applied consistently regardless of which asset is traded, which venue is selected, or what execution route is chosen. The provider&#8217;s compensation cannot vary based on trade outcomes, counterparty identity, or venue affiliation. If you&#8217;re currently earning revenue through route-dependent fee structures (and a lot of aggregators and wallet-integrated swap features are) this condition requires a fundamental business model rethink.</p></li><li><p><strong>Conflict Disclosure and Fair Treatment.</strong> If the provider is affiliated with a trading venue, liquidity pool, or other execution system, it must disclose that relationship prominently. Affiliated venues must be treated on the same terms as unaffiliated venues in how they&#8217;re presented and accessed through the interface.</p></li><li><p><strong>Comprehensive Disclosure Obligations.</strong> Providers must clearly communicate their non-registered status, their fee structures, their conflicts of interest, the mechanics of how the system works, their cybersecurity controls, and the limitations of the interface. The staff wants users to understand what they&#8217;re using and what protections they <em>don&#8217;t</em> have.</p></li><li><p><strong>Venue Monitoring.</strong> Providers must implement and maintain policies for evaluating connected trading venues on factors like liquidity, transparency, security, and reliability. These evaluations must be consistent across all integrated systems and subject to ongoing review. Default parameters must be based on objective criteria.</p></li></ol><h4>What (or who) is Still a Broker</h4><p>The statement explicitly carves out activities that remain squarely within the broker-dealer registration requirement: executing trades, holding or handling customer assets, providing investment advice, negotiating transactions, or exercising discretion over order routing or execution. If your platform does any of these things, you&#8217;re a broker. Full stop. The statement doesn&#8217;t change that.</p><p>This is worth emphasizing because there&#8217;s a natural tendency to read these kinds of staff positions as broader than they are. The statement protects a specific, narrow category of activity: providing a neutral software tool through which users independently prepare and submit transactions using their own wallets. The moment the provider&#8217;s thumb is on the scale (in any direction, for any reason) the protection evaporates.</p><h4>How This Fits Into the Broader Picture</h4><p>This statement doesn&#8217;t exist in a vacuum. It sits inside a rapidly evolving regulatory architecture that has taken shape over the past twelve months:</p><ul><li><p>The SEC/CFTC Joint Interpretation (Release No. 33-11412, March 17, 2026) established a five-part crypto asset taxonomy &#8212; digital commodities, digital collectibles, digital tools, stablecoins, and digital securities &#8212; and formally superseded the SEC staff&#8217;s 2019 Framework for &#8220;Investment Contract&#8221; Analysis of Digital Assets.</p></li><li><p>The GENIUS Act (Pub. L. No. 119-27), enacted in July 2025, created a statutory carve-out for payment stablecoins issued by permitted issuers.</p></li><li><p>The Division&#8217;s December 2025 statement on broker-dealer custody of crypto asset securities clarified how Rule 15c3-3 applies to private key management.</p></li><li><p>The DTC no-action letter (December 11, 2025) authorized a three-year pilot for tokenizing DTC-custodied assets on supported blockchains.</p></li></ul><p>Today&#8217;s statement is the next tile in the mosaic by addressing the front-end layer, the interfaces through which retail and institutional users actually interact with onchain markets, and does so in a way that&#8217;s consistent with the trajectory of the Crypto Task Force comment letters, which have consistently argued that software providers who don&#8217;t control assets, don&#8217;t exercise discretion, and don&#8217;t intermediate trades shouldn&#8217;t be forced into the broker-dealer box.</p><h4>Five-Year Sunset</h4><p>The framework has a built-in expiration: five years from issuance, unless superseded by Commission-level rulemaking or legislation. The staff clearly expects that either the forthcoming &#8220;Reg Crypto&#8221; exemptive framework (currently under OIRA review) or a comprehensive market structure bill from Congress will provide a more durable answer before then. All of that said, read the actual statement. The conditions are detailed and the distinctions matter. Further, it is really important to remember that staff-level guidance is not a safe harbor, it&#8217;s a weather forecast, and a forcast won&#8217;t keep you dry if it storms.</p><p>[1] See, e.g., <em>SEC v. Kramer</em>, 778 F. Supp. 2d 1320 (M.D. Fla. 2011); <em>SEC v. Hansen</em>, No. 83 Civ. 3692, 1984 WL 2413 (S.D.N.Y. Apr. 6, 1984).</p><p>[2] See &#8220;Application of the Federal Securities Laws to Certain Types of Crypto Assets and Certain Transactions Involving Crypto Assets,&#8221; Release No. 33-11412, 91 Fed. Reg. 13,714 (Mar. 23, 2026).</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/between-front-end-and-broker?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/between-front-end-and-broker?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/between-front-end-and-broker?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><strong>What kind of lawyer would I be without a disclaimer?</strong></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[The (Crypto) Startup Guide]]></title><description><![CDATA[Chapter IV: An Introduction to Regulation and Regulators]]></description><link>https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide-361</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide-361</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Mon, 13 Apr 2026 16:30:18 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!4Pn7!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>Alright! We made it to Chapter IV of this guide. Like I said at the beginning of <a href="https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide">Chapter I</a>, since I started working in this space (2016! I was still in school!) the biggest hurdle for clients, prospective clients, and even colleagues has been ensuring everyone is speaking the same language. This is particularly difficult when you are working in a space where things are constantly changing. What was crypto became web3 because crypto and back and forth we have gone. What is cutting edge today may be blas&#233;, cringe, or even illegal tomorrow. Opaque terminology, regulation through enforcement, and breakneck speed combined to bolster barriers to entry for creators and entrepreneurs alike. So, my job more often than not has been to provide some kind of baseline, allowing interested parties to have productive conversations. Along the way, something of a guide was pulled together, and now I am publishing it here for the collective good. Hopefully, the guide successfully breaks down some of these barriers and serves as a community good. This chapter introduces the regulatory bodies most relevant to crypto startups, and provides a very high level overview of the current legislative and regulatory landscape.</em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!4Pn7!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!4Pn7!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png 424w, https://substackcdn.com/image/fetch/$s_!4Pn7!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png 848w, https://substackcdn.com/image/fetch/$s_!4Pn7!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png 1272w, https://substackcdn.com/image/fetch/$s_!4Pn7!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!4Pn7!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png" width="592" height="870" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:870,&quot;width&quot;:592,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1085954,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/190767179?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!4Pn7!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png 424w, https://substackcdn.com/image/fetch/$s_!4Pn7!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png 848w, https://substackcdn.com/image/fetch/$s_!4Pn7!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png 1272w, https://substackcdn.com/image/fetch/$s_!4Pn7!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F57497ca3-7bf0-49ea-a462-d16f1b0d1411_592x870.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><h3>The Securities and Exchange Commission (SEC)</h3><p>The SEC regulates the issuance and transfer of securities in both primary and secondary markets. Its broad statutory mandate puts the Commission at the center of digital asset regulation, particularly for startups that issue tokens, coins, or any other instrument that may qualify as an investment contract.</p><h4>When Is a Crypto Asset a Security?</h4><p>The foundational question for every crypto project is whether its tokens or digital assets constitute &#8220;investment contracts&#8221; under the framework established by SEC v. W.J. Howey Co. An investment contract exists where there is (1) an investment of money, (2) in a common enterprise, (3) with a reasonable expectation of profit, (4) derived from the efforts of others. If a token satisfies these elements, it is a security subject to the full panoply of federal securities laws&#8212;including registration requirements, disclosure obligations, and anti-fraud provisions.</p><p>The SEC&#8217;s 2019 Framework for &#8220;Investment Contract&#8221; Analysis of Digital Assets provided granular guidance on the third and fourth prongs, emphasizing that the more active a promoter is in the development and operation of the token network and its market, the more likely it is that the token will be treated as a security. The framework remains relevant, but the analytical landscape has continued to evolve through enforcement actions, court decisions, and, increasingly, affirmative guidance from the Commission.</p><h4>The Shift Under Chairman Atkins</h4><p>The SEC&#8217;s approach to digital assets underwent a fundamental transformation beginning in January 2025, when Acting Chairman Mark Uyeda established the Crypto Task Force under Commissioner Hester Peirce&#8217;s leadership. The task force was explicitly designed to move the Commission away from regulation-by-enforcement and toward a comprehensive, transparent regulatory framework.</p><p>When Chairman Paul Atkins took office in April 2025, he accelerated this shift. The Commission held a series of public roundtables on topics including the securities status of digital assets, public offerings, exemptions and safe harbors, and trading and custody requirements. In July 2025, Atkins unveiled &#8220;Project Crypto&#8221;&#8212;a Commission-wide initiative to modernize securities regulation for digital assets&#8212;and directed staff to develop a comprehensive framework to facilitate crypto asset distributions within the United States. Atkins stated publicly that, in his view, most crypto assets are not securities, and that classification as a security should not be a deterrent to development.</p><p>In November 2025, Atkins outlined the next phase: a token taxonomy anchored in the Howey investment contract analysis, designed to provide clearer guidance on which tokens fall within the SEC&#8217;s jurisdiction. In January 2026, the Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets jointly issued a statement elaborating this taxonomy for tokenized securities.</p><p>Formal rulemaking is expected in 2026, with proposals anticipated for a comprehensive crypto asset framework and amendments to the Securities Exchange Act of 1934 to accommodate crypto trading on exchanges and alternative trading systems. For founders, the practical takeaway is that the regulatory posture has changed&#8212;but the rules have not yet been rewritten. Operating as though compliance is optional because the political winds have shifted is a serious mistake.</p><h4>Stablecoins</h4><p>In April 2025, the Division of Corporation Finance issued a staff statement analyzing whether transactions in stablecoins are subject to federal securities laws. The statement concluded that certain &#8220;covered stablecoins&#8221;&#8212;those designed to maintain a 1:1 peg to the U.S. dollar, backed by reserves of cash and short-term U.S. Treasuries, and redeemable on demand&#8212;do not involve the offer and sale of securities. This guidance was subsequently reinforced by the GENIUS Act, signed into law in July 2025, which established a federal regulatory framework for payment stablecoins and expressly provides that qualifying payment stablecoins are neither securities nor commodities.</p><h4>Bitcoin</h4><p>The SEC has consistently maintained that Bitcoin is not a security, on the basis that its consensus mechanism is too decentralized to constitute an enterprise controlled by a promoter or third party. This position has been reaffirmed across multiple administrations and is unlikely to change.</p><h3>The Commodity Futures Trading Commission(CFTC)</h3><p>The CFTC regulates the sale and transfer of commodities, derivatives, and futures contracts. The Commission&#8217;s jurisdiction over digital assets arises from the Commodity Exchange Act&#8217;s broad definition of &#8220;commodity,&#8221; which encompasses &#8220;all services, rights, and interests&#8230;in which contracts for future delivery are presently or in the future dealt in.&#8221; The CFTC has interpreted this language to encompass virtual currencies and certain digital assets&#8212;most notably, Ethereum has been treated as a commodity under this standard.</p><h4>When Are Digital Assets Commodities?</h4><p>The line between a security and a commodity remains one of the most contested questions in digital asset regulation. The CLARITY Act, which passed the House in July 2025, proposes to resolve this by creating a taxonomy that divides crypto assets into digital commodities, investment contract assets, and permitted payment stablecoins&#8212;with the CFTC exercising primary jurisdiction over digital commodities and the SEC over investment contract assets. If enacted in its current form, the CLARITY Act would provide the clearest jurisdictional framework the industry has seen. Until then, the analysis remains fact-specific and the outcome can depend on which regulator reaches a given asset first.</p><h4>SEC-CFTC Coordination</h4><p>In September 2025, Chairman Atkins and Acting CFTC Chairman Caroline Pham issued a joint statement formalizing their commitment to harmonize digital asset regulation. The statement previewed potential joint actions including expanded trading hours, coordinated margin requirements, and safe harbors for peer-to-peer spot crypto trading. With Michael Selig&#8212;former chief counsel of the SEC&#8217;s Crypto Task Force&#8212;confirmed as CFTC chairman, the two agencies are better positioned for coordination than at any point in the history of digital asset regulation.</p><h4>Futures and Swaps</h4><p>If your company allows users to exchange futures contracts or hedge the value of a digital asset, it is likely subject to CFTC registration requirements. The CFTC has brought numerous enforcement actions against crypto platforms operating unregistered futures exchanges, and this area of enforcement has continued regardless of the broader shift in regulatory posture.</p><h3>The United States Treasury</h3><h4>FinCEN</h4><p>The Financial Crimes Enforcement Network (FinCEN) is a bureau of the Treasury Department responsible for policing financial crime and regulating money services businesses (MSBs). Companies engaged in the exchange of virtual currency for fiat currency, or that issue or administer virtual currencies, may qualify as MSBs and must comply with the Bank Secrecy Act, including know-your-customer (KYC) requirements, anti-money laundering (AML) obligations, and suspicious activity reporting.</p><p>Determining whether your company qualifies as an MSB is one of the most important regulatory questions a crypto startup can ask&#8212;particularly if your business processes payments, facilitates exchanges, or provides custodial services involving digital assets. State-level money transmitter licensing adds an additional layer of complexity, as requirements vary significantly across jurisdictions.</p><h4>The IRS</h4><p>The IRS treats crypto as property&#8212;analogous to stock, bonds, and other capital assets. Accordingly, U.S. taxpayers must report a range of crypto transactions, including sales, exchanges, and conversions. If your startup involves a crypto exchange, staking rewards, mining, yield farming, or other income-producing activities, you must ensure compliance with federal tax obligations. The IRS has also intensified its enforcement focus on crypto tax reporting in recent years, and the information reporting requirements imposed on centralized exchanges and brokers continue to expand.</p><h3>The Legislative Landscape</h3><p>The regulatory framework for digital assets in the United States is being reshaped by legislation, not just agency action. Two statutes enacted in 2025 are particularly consequential.</p><h4>The GENIUS Act</h4><p>The Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act), signed into law on July 18, 2025, is the first federal legislation specifically addressing digital assets. The Act establishes a comprehensive regulatory framework for payment stablecoins, requiring issuers to maintain reserves backing outstanding stablecoins on at least a 1:1 basis with U.S. dollar-denominated assets (primarily cash and short-term U.S. Treasuries). Issuers are prohibited from paying interest or yield on payment stablecoins, and qualifying stablecoins are expressly excluded from the definitions of &#8220;security&#8221; and &#8220;commodity&#8221; under federal law.</p><p>For crypto startups, the GENIUS Act provides critical clarity: if your product involves a payment stablecoin, the regulatory pathway is now defined by statute rather than by enforcement discretion.</p><h4>The CLARITY Act</h4><p>The Digital Asset Market Clarity Act of 2025 (the CLARITY Act) passed the House on July 17, 2025, and is pending in the Senate as of this writing. The Act&#8217;s core innovation is a three-part taxonomy that divides crypto assets into digital commodities, investment contract assets, and permitted payment stablecoins, with regulatory jurisdiction allocated between the CFTC and SEC based on classification. The Act would also establish registration pathways for digital asset trading platforms, custodians, and dealers.</p><p>If the CLARITY Act becomes law in substantially its current form, it will represent the most significant structural reform of U.S. securities and commodities regulation in decades. Founders should monitor its progress closely and plan for the possibility that the rules governing their tokens, platforms, and business models may change materially within the next legislative cycle.</p><h3>Enforcement Actions and Investigations</h3><p>Even in a more favorable regulatory environment, enforcement actions and investigations remain a reality for crypto companies. Having an expectation for the process, understanding how to comply, and knowing what regulators look for is key to mitigating liability. Regulators across administrations have consistently rewarded cooperation and good-faith compliance from companies that demonstrate a genuine effort to operate within the rules.</p><h4>How Investigations Begin</h4><p>Investigations can originate from several sources: market surveillance, referrals from other agencies, whistleblower tips, or self-reporting by the company. Understanding how an investigation originated can inform your response strategy and help you anticipate the scope of the inquiry.</p><h4>Agency Coordination</h4><p>Agencies routinely coordinate on digital asset enforcement. The SEC and FINRA frequently bring parallel actions, as do the SEC and DOJ (where the conduct implicates criminal law). The CFTC and DOJ similarly coordinate where commodities fraud is alleged. State regulators and international authorities may also be involved, particularly where the company operates across borders.</p><p>If a peer company becomes the subject of an investigation, take it seriously: conduct an internal review to determine whether your operations share any of the characteristics that attracted regulatory attention. Proactive self-assessment is far less expensive than reactive defense.</p><h4>Subpoenas and Formal Requests</h4><p>Formal investigations typically involve written demands to produce records and information. The DOJ issues grand jury subpoenas; executive agencies issue administrative subpoenas or formal orders of investigation. A critical point: corporations do not enjoy Fifth Amendment protection against self-incrimination, so a corporate subpoena recipient cannot refuse to produce records on that basis.</p><p>If you receive an administrative subpoena, engaging in dialogue with the issuing agency can be productive. Depending on the circumstances, negotiation may lead to a narrower scope, an opportunity to present your perspective on the facts, or&#8212;in the best case&#8212;a decision not to proceed. Retain experienced counsel immediately upon receiving any formal request.</p><h4>Whistleblowing</h4><p>Federal whistleblower programs continue to grow in scope and activity. The Dodd-Frank Act&#8217;s SEC whistleblower program, Sarbanes-Oxley&#8217;s protections for corporate insiders, and the Anti-Money Laundering Act&#8217;s expanded Treasury whistleblower program all incentivize individuals to report potential misconduct. The AMLA has particular relevance for crypto companies: it bolstered the whistleblower program within the Treasury Department, with direct implications for companies subject to the Bank Secrecy Act&#8212;including money services businesses that deal in virtual currencies.</p><p>Your compliance program should include easily accessible whistleblower information and robust anti-retaliation policies. Creating a culture that takes compliance seriously and respects the importance of internal reporting mechanisms is both a legal obligation and a practical necessity.</p><h4>Self-Reporting</h4><p>Self-reporting&#8212;voluntarily disclosing potential violations to regulators&#8212;can provide tangible benefits. Leadership from both the SEC and DOJ has emphasized that self-reporting often leads to reduced penalties or declinations. A secondary benefit is control: by acting first, your company can shape the narrative and direction of any resulting inquiry, rather than being in a purely reactive posture.</p><p>Self-reporting should not be undertaken without a careful cost-benefit analysis. Factors to consider include the magnitude of the suspect activity, the likelihood it will be detected through other means, the legal risk involved, the costs of cooperation, the potential reputational impact, and the effect on shareholders and investors. Not every compliance gap warrants voluntary disclosure to federal regulators.</p><h4>Preserving Data</h4><p>The moment you become aware of a potential investigation, you must take immediate steps to preserve all relevant information. Document destruction&#8212;even of seemingly inconsequential data&#8212;can lead to obstruction charges, adverse inferences, and separate penalties that may exceed the liability for the underlying conduct. Legal holds should be implemented promptly, automated deletion processes should be suspended, and employees should be notified of their preservation obligations.</p><p>Crypto companies should be particularly diligent about communications hygiene. The SEC, CFTC, and FINRA have made recordkeeping a priority enforcement area, levying substantial fines against financial institutions whose employees conducted business on unapproved messaging platforms. If your team works remotely&#8212;as most crypto companies&#8217; teams do&#8212;ensure that business communications occur on approved, monitored, and retained platforms.</p><h4>Internal Investigations</h4><p>Internal investigations are a powerful tool when facing regulatory scrutiny. By independently gathering facts and assessing the situation, you position the company to respond more effectively, cooperate more credibly, and control the narrative. Without an internal investigation, cooperation with regulators is harder to calibrate, and the process is more likely to produce unfavorable outcomes.</p><p>The downside is cost. Before launching an internal investigation, assess whether the expense is justified by the magnitude of the risk. And if you proceed, ensure the investigation is conducted by qualified outside counsel with experience in the relevant regulatory area. A poorly executed internal investigation&#8212;one that appears biased, incomplete, or sloppy&#8212;can do more harm than no investigation at all.</p><h4>Attorney-Client Privilege</h4><p>The attorney-client privilege protects communications made for the purpose of obtaining legal advice. Upon learning of a potential investigation, take immediate steps to ensure that privileged communications are preserved and not inadvertently disclosed. Retaining outside counsel is advisable for several reasons: it creates a clearer privilege boundary than in-house communications (which may be characterized as business rather than legal advice), it adds credibility with regulators, and it provides access to specialized expertise.</p><p>Be cautious about disclosing privileged information in exchange for leniency. Once the privilege is waived, it is waived permanently&#8212;and the disclosed information may be used by third parties in ways you did not anticipate. The preferred approach is to compile a factual presentation based on the results of your internal investigation without revealing work product or internal legal analysis.</p><h3>Cooperation Frameworks</h3><p>Every major federal agency has its own framework for crediting cooperation. Understanding what each agency expects is essential for any company navigating an enforcement inquiry.</p><h4>DOJ</h4><p>Federal prosecutors evaluate cooperation under the Filip Factors&#8212;eleven considerations that guide charging decisions for corporate criminal violations. The cooperation standard requires disclosure of complete factual information about the individuals substantially involved in or responsible for the misconduct. This is a high bar, but the Department recognizes that access to information may be limited in some circumstances.</p><h4>SEC</h4><p>The SEC&#8217;s Seaboard Report (2001) establishes the framework for crediting cooperation. Key factors include the extent to which the company was self-policing before the violation was discovered, whether the company self-reported the violation, the extent of remedial efforts taken after discovery, and the degree to which the company worked with law enforcement. Companies that score well across these factors may receive reduced sanctions or even a recommendation of no action.</p><h4>CFTC</h4><p>The CFTC has made clear that ordinary cooperation is insufficient for credit. Cooperation must be &#8220;sincere, robustly cooperative and indicative of a willingness to accept responsibility.&#8221; The agency evaluates the value of the cooperation to the investigation, its value to the CFTC&#8217;s broader enforcement interests, and the culpability of the company.</p><h4>OFAC</h4><p>The Office of Foreign Assets Control evaluates cooperation based on whether the organization self-disclosed voluntarily, provided all relevant information, investigated and disclosed all potential violations, and responded to the agency&#8217;s requests in a timely manner. OFAC sanctions can carry severe penalties, and proactive cooperation is one of the most effective mitigants available.</p><h3>Looking Ahead</h3><p>The regulatory environment for crypto and digital assets is in a period of rapid, structural change. The enforcement-heavy posture of the prior administration has given way to an affirmative effort to build fit-for-purpose regulatory frameworks through legislation, rulemaking, and interagency coordination. The GENIUS Act and CLARITY Act represent the first wave of statutory reform. Project Crypto and the SEC&#8217;s forthcoming token taxonomy represent the agency-level counterpart. And the coordination between the SEC and CFTC under their current leadership suggests that the jurisdictional turf wars that plagued the industry for years may finally be giving way to a more coherent regime.</p><p>None of this means that compliance is less important. If anything, the transition from enforcement-first to framework-first regulation raises the stakes for companies that fail to engage with the emerging regime. The companies that will benefit most from the new regulatory landscape are those that have been building compliance infrastructure all along&#8212;maintaining clear records, making good-faith classification decisions, engaging with counsel, and positioning themselves to take advantage of safe harbors and exemptions as they become available.</p><p>For crypto founders, the message is clear: the regulatory environment is more favorable than it has ever been, but it is still just as complex. </p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide-361?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide-361?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide-361?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><p><strong>What kind of lawyer would I be without a disclaimer?</strong></p><p><em>Everything I post here constitutes my own thoughts (or in this case, the thoughts of the guest poster), should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[The (Crypto) Startup Guide]]></title><description><![CDATA[Chapter III: Capital Formation and Equity]]></description><link>https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide-e68</link><guid isPermaLink="false">https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide-e68</guid><dc:creator><![CDATA[David Lopez-Kurtz]]></dc:creator><pubDate>Mon, 06 Apr 2026 16:30:52 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!HrQy!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>Back in the saddle and, despite taking months after publishing <a href="https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide">Chapter I</a>, we should be getting this published just a week after <a href="https://davidlopezkurtz.substack.com/p/5a224693-09d9-44f8-a044-b73d29514355?postPreview=paid&amp;updated=2026-03-12T19%3A31%3A19.411Z&amp;audience=everyone&amp;free_preview=false&amp;freemail=true">Chapter II</a> (with Chapter IV to come a week after today). Handling your company&#8217;s capital structure is integral to long-term success. There is no replacement for a well-developed business model, but well-managed capital formation can be the difference between a startup that scales and one that stalls. This chapter covers the full arc of capital formation for crypto startups: from structuring founder and employee equity, through navigating the federal exemption landscape, to the specific considerations that apply to token-based capital formation. I would hope that this goes without saying, but if you are new here, please THIS GUIDE DOES NOT TAKE THE PLACE OF ENGAGING COMPETENT LEGAL COUNSEL. It is important for all businesses, but particularly for those building on the edge of new and emerging technology and regulaation, to consult with legal counsel early and often. The easiest way to solve a problem is to avoid it in the first place (I promise). </em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!HrQy!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!HrQy!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png 424w, https://substackcdn.com/image/fetch/$s_!HrQy!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png 848w, https://substackcdn.com/image/fetch/$s_!HrQy!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png 1272w, https://substackcdn.com/image/fetch/$s_!HrQy!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!HrQy!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png" width="586" height="828" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:828,&quot;width&quot;:586,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:992987,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://davidlopezkurtz.substack.com/i/190764956?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!HrQy!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png 424w, https://substackcdn.com/image/fetch/$s_!HrQy!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png 848w, https://substackcdn.com/image/fetch/$s_!HrQy!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png 1272w, https://substackcdn.com/image/fetch/$s_!HrQy!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F41ba47cf-412f-4798-9ae2-fc8ec2db3a83_586x828.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Web3 vs. the Law  is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><h3>Founder and Employee Equity</h3><h4>Founder Issuances</h4><p>Founders need to be compensated for their work in building the company. Most founders receive a substantial equity issuance during the company&#8217;s earliest stages. The terms of this issuance, including transfer restrictions, vesting schedules, repurchase rights, and any lock-up provisions, should be negotiated carefully and memorialized in a stock purchase agreement or restricted stock agreement.</p><p>Because every shareholder must pay adequate consideration for their shares, corporations typically issue shares to founders at par value&#8212;the lowest permissible price. Founders should consult with tax counsel regarding the tax implications of any issuance below fair market value. An alternative approach is for founders to pay for their shares with the value of intellectual property or other assets contributed to the enterprise, though valuation in this context requires careful documentation.</p><p>It is important that founders retain independent counsel during equity negotiations, particularly where the interests of co-founders or early investors diverge. The terms set at inception (board composition, protective provisions, anti-dilution protections) compound over time and become very difficult to renegotiate later.</p><h4>Employee Stock Plans</h4><p>Stock plans allow employees to acquire ownership in the company over time, aligning their incentives with the company&#8217;s performance. Employees typically contribute through payroll deductions that accumulate until a designated purchase date, at which point shares are purchased at a discount. Beyond the retention incentives, equity-based compensation enjoys favorable tax treatment compared to equivalent cash outlays, making it an efficient tool for startups operating with limited cash reserves.</p><p>The board must determine how many shares to reserve for the employee equity pool and approve the plan, which then requires written consent from the stockholders. The size of the equity pool is a negotiation point in every funding round: investors want it large enough to attract talent but small enough to limit dilution.</p><h4>Stock Option Agreements</h4><p>Stock option agreements grant employees the right to purchase shares at a specified exercise price for a defined period. If the share price appreciates above the exercise price, the employee realizes a gain upon exercise. Options are the most common form of employee equity compensation in venture-backed startups because they provide meaningful upside without requiring employees to invest capital upfront.</p><p>Two varieties dominate: Incentive Stock Options (ISOs), which receive favorable tax treatment under Section 422 of the Internal Revenue Code but are limited to employees and carry annual exercise limits, and Non-Qualified Stock Options (NQSOs), which can be granted to employees, advisors, and consultants without the same restrictions but are taxed as ordinary income on exercise.</p><h4>Token Plans</h4><p>Many crypto companies reward employees with tokens in addition to or instead of traditional equity. Functionally, token plans operate similarly to stock plans&#8212;but the regulatory analysis is different. Because the SEC does not treat all tokens identically, and because the securities classification of a given token may depend on the state of the network at the time of distribution, companies issuing tokens to employees must consult with counsel to determine whether the issuance triggers registration requirements or qualifies for an exemption.</p><p>The CLARITY Act&#8217;s proposed taxonomy&#8212;distinguishing digital commodities from investment contract assets&#8212;may eventually provide clearer guidance for token-based compensation. Until formal rules are finalized, companies should err on the side of compliance and document the basis for their classification decisions.</p><h3>Vesting</h3><h4>The Purpose of Vesting</h4><p>Vesting allows the company to stagger or delay equity issuances according to how long an employee or founder has been with the company. The standard structure is a four-year vesting schedule with a one-year cliff: no shares vest until the first anniversary of the commencement date, at which point 25% of the granted shares vest, with the remainder vesting monthly or quarterly over the subsequent three years.</p><p>Vesting serves two purposes. It incentivizes retention&#8212;the longer an individual stays, the more equity they earn. And it protects the company: unvested shares can be forfeited or repurchased (typically at cost) if the individual departs, preventing former employees from retaining a disproportionate share of the company&#8217;s equity.</p><h4>What Investors Expect</h4><p>Investors will expect founders to vest their shares. The rationale is straightforward: vesting ensures that founders remain incentivized to continue building the company, rather than walking away with a large equity stake. It is customary for founders to begin vesting from the date of incorporation, which provides credit for the work already invested in getting the company off the ground.</p><h4>Acceleration Clauses</h4><p>Founders should negotiate for acceleration provisions that accelerate vesting upon the occurrence of specified trigger events. Single-trigger acceleration vests all or a portion of shares upon a single event&#8212;typically an acquisition or change of control. Double-trigger acceleration, which venture investors generally prefer, requires two events: a change of control and the termination of the founder&#8217;s employment without cause within a specified window following the transaction. Double-trigger provisions protect investors from founders who might be incentivized to pursue an acquisition solely to accelerate their vesting.</p><h4>83(b) Elections</h4><p>Section 83(b) of the Internal Revenue Code permits individuals who receive restricted property (including unvested stock) to elect to recognize the income at the time of receipt rather than at the time of vesting. The practical effect is that the individual pays taxes on the fair market value of the shares at grant&#8212;typically a very low amount for early-stage companies&#8212;rather than on the potentially much higher value at the time each tranche vests.</p><p>To make a valid 83(b) election, you must file a written election with the IRS within 30 days of receiving the restricted stock. This deadline is absolute and cannot be extended. File three copies: one with the IRS, one with your employer, and one for your personal records. Use certified mail with return receipt requested.</p><p>For founders receiving shares at par value in an early-stage company, the 83(b) election is almost always advisable&#8212;the tax cost at filing is nominal, and the potential savings as the company appreciates can be substantial. However, the analysis changes if the shares are not purchased at a nominal price or if there is meaningful risk the company will fail before the shares vest. Consult with tax counsel before making or declining to make an 83(b) election.</p><p>Non-U.S. residents should be aware that they can still be subject to U.S. taxation on equity received from U.S. companies. The interaction of 83(b) elections with foreign tax obligations requires specialized advice.</p><h3>Raising Outside Capital: The Exemption Landscape</h3><p>Companies that need capital beyond what founders can contribute must raise it from outside investors. Unless your company has reached the scale and maturity to justify a registered public offering, you will rely on exemptions from SEC registration. Understanding the exemption landscape is essential for any crypto founder planning a fundraise.</p><h4>Regulation D</h4><p>Regulation D is the most commonly used exemption framework for private capital formation. It offers three pathways, each with distinct parameters.</p><p>A note on bad actors - if key individuals or entities associated with your company have prior securities law violations, the company may be disqualified from using certain exemptions (including Rules 506(b) and 506(c)). The disqualification provisions are broad, covering the issuer, its directors, officers, general partners, managing members, and holders of more than 20% of the outstanding voting equity. The violations that trigger disqualification are serious&#8212;criminal convictions, regulatory orders, SEC disciplinary actions. So, be carefuly who you do business with. </p><h4>Rule 504</h4><p>Rule 504 permits offerings of up to $10 million with no limit on the number of investors. General solicitation is prohibited unless the issuer meets specific state law requirements. Rule 504 is less commonly used by venture-backed startups but can be useful for smaller raises where the accredited investor restrictions of Rule 506 are impractical.</p><h4>Rule 506(b)</h4><p>Rule 506(b) permits an unlimited raise from an unlimited number of accredited investors and up to 35 non-accredited investors per 90-day period. The critical limitation is a ban on general solicitation: the issuer cannot advertise the offering or sell to investors with whom it has no pre-existing substantive relationship. Rule 506(b) is the workhorse exemption for early-stage fundraising, particularly for companies that rely on warm introductions and established investor networks.</p><h4>Rule 506(c)</h4><p>Introduced by the JOBS Act, Rule 506(c) permits general solicitation and advertising, provided that all investors are accredited and the issuer takes reasonable steps to verify their accredited status. Verification requires more than self-certification&#8212;issuers must review income documentation, net worth statements, or third-party verification letters. Despite the solicitation benefit, many issuers prefer 506(b) to avoid the verification burden, though 506(c) has become more attractive as verification services have become cheaper and more streamlined.</p><h4>Regulation A+</h4><p>Regulation A+ provides a scaled pathway for companies that want access to non-accredited investors without a full registration. It offers two tiers.</p><p>Tier 1 permits offerings of up to $20 million in a 12-month period. Tier 1 issuers must register their offering with each state in which they sell securities, which adds cost and complexity. Tier 2 permits offerings of up to $75 million and preempts state registration requirements, but imposes ongoing SEC reporting obligations and limits non-accredited investor participation. Both tiers require a qualified offering statement&#8212;a process less burdensome than a full S-1 registration but more involved than a Reg D filing.</p><p>Reg A+ has found a niche with crypto and digital asset companies that want broader retail participation in their offerings. Several token issuers have used Tier 2 offerings to distribute tokens to both accredited and non-accredited investors with SEC qualification.</p><h4>Regulation Crowdfunding (Reg CF)</h4><p>Reg CF, enacted as part of the JOBS Act, permits offerings of up to $5 million in a 12-month period through SEC-registered online funding portals. Individual investment limits apply: investors with annual income or net worth below $124,000 may invest the greater of $2,500 or 5% of the lesser of their income or net worth. Investors above that threshold may invest up to 10% of the lesser of their income or net worth, capped at $124,000 per year. Accredited investors are not subject to these limits. Reg CF securities are subject to a 12-month resale restriction.</p><p>Reg CF has become an increasingly popular tool for early-stage crypto companies that want to build community ownership alongside their product. The funding portal requirement adds a layer of oversight but also provides a structured distribution channel.</p><h4>Regulation S</h4><p>Regulation S exempts offerings conducted entirely outside the United States from SEC registration. To qualify, the offer must be an offshore transaction&#8212;meaning the offer is not made to a person in the United States, and the buyer is outside the United States at the time the buy order originates&#8212;and there can be no directed selling efforts within the United States. Reg S is commonly used by crypto projects with global user bases that want to distribute tokens to non-U.S. participants without triggering SEC registration requirements.</p><h4>A Note on Simple Agreements for Future Equity (SAFEs)</h4><p>SAFEs, popularized by Bay area accelerator, Y Combinator, are the standard instrument for early-stage equity fundraising. A SAFE &#8220;note&#8221; is not debt: it is an agreement that converts into equity upon a future financing event, typically at a discount or subject to a valuation cap. SAFEs have become the default instrument for pre-seed and seed rounds because (in theory) they are fast, cheap, and avoid the complexity of pricing a round before the company has meaningful traction. </p><h4>Intrastate Exemptions</h4><p>The SEC provides exemptions for purely intrastate offerings under Section 3(a)(11) and Rules 147 and 147A. These require that all purchasers reside within a single state and that the issuer is incorporated in and conducts significant business within that state. Given the inherently borderless nature of most crypto businesses, intrastate exemptions are rarely viable for digital asset companies.</p><h4>Rule 701</h4><p>Shares issued to employees under a compensatory stock plan may qualify for exemption under Rule 701. Companies can sell at least $1 million in securities under this exemption regardless of their size, with higher thresholds available based on total assets or outstanding securities. Rule 701 is not available to publicly reporting companies.</p><h3>Token-Specific Fundraising</h3><p>Just as traditional companies issue stocks and bonds to fund their operations, many crypto companies issue tokens. Token issuances present unique legal challenges because the securities classification of a token depends on its specific characteristics, the state of the underlying network, and the expectations of purchasers at the time of the distribution.</p><h4>Initial Coin Offerings (ICOs)</h4><p>ICOs were the dominant fundraising mechanism for crypto projects from roughly 2017 through 2019. An ICO functions like a public offering of tokens: the project publishes a white paper describing the proposed network or application, and purchasers acquire tokens using fiat currency or other cryptocurrency. The SEC&#8217;s 2017 Report on The DAO established that ICOs can constitute securities offerings, and the subsequent enforcement wave made unregistered ICOs effectively untenable for projects with meaningful U.S. exposure. While the regulatory environment has become more nuanced under the current administration, the lesson remains: token offerings that satisfy the Howey test are securities offerings, regardless of their label.</p><h4>Initial Exchange Offerings (IEOs)</h4><p>IEOs are administered by registered cryptocurrency exchanges, which conduct due diligence on the issuing project and facilitate the token sale through their platform. The exchange&#8217;s involvement adds a layer of vetting that ICOs lack, and the listing provides immediate secondary market liquidity. However, IEOs do not automatically resolve the securities analysis&#8212;if the underlying token is a security, the exchange may need to be registered as a broker-dealer or alternative trading system.</p><h4>Simple Agreements for Future Tokens (SAFTs)</h4><p>SAFTs emerged around 2017 as a response to the regulatory uncertainty surrounding token issuances. A SAFT is an investment contract that gives the holder a right to receive utility tokens upon the occurrence of a future event&#8212;typically the launch of a functional network. The theory was that the SAFT itself is a security (and can be offered under a Reg D exemption to accredited investors), but the utility tokens delivered upon network launch are not securities because they have functional utility rather than investment characteristics.</p><p>The SAFT framework has been debated extensively, and its viability depends on the specific facts of each token and network. Courts and regulators have not uniformly endorsed the SAFT model, but it remains a widely used structuring tool, particularly for projects that anticipate a transition from centralized development to decentralized operation. </p><p>At this point, I rarely ever see SAFTs, with the most common playbook being a combination of a SAFE and a &#8220;Token Warrant&#8221; which grants the holder the right to a certain portion of future token supply, based on their as-converted equity holdings.</p><h3>Certain Other Investment Concepts</h3><h4>Rights of First Refusal</h4><p>Investors invariably seek rights of first refusal (ROFRs) to protect against dilution. A ROFR requires any shareholder who wishes to sell their shares to first offer them to the rights-holder before entertaining outside offers. ROFRs are standard in venture financing and should be expected in every institutional round.</p><h4>Lock-Up Provisions</h4><p>Lock-up provisions restrict the ability of founders, employees, and early investors to sell their shares for a specified period, typically 180 days following a liquidity event. Lock-ups protect against a flood of insider selling that could depress the market price and undermine investor confidence.</p><h4>Convertible Instruments</h4><p>In addition to SAFEs, convertible notes are the most common instruments in early-stage fundraising. Convertible notes are debt instruments that convert into equity upon a future financing event, typically at a discount to the price paid by new investors. The note accrues interest and has a maturity date, though maturity is usually extended or waived if a qualifying financing has not occurred. SAFEs, as noted above, accomplish a similar conversion without the debt structure. In either case, the conversion mechanics (discount rate, valuation cap, and qualifying financing thresholds) are the key negotiation points.</p><h2>A Plea For Proper Recordkeeping</h2><p>Meticulous recordkeeping of all securities issuances is not optional. Your company must maintain a stock ledger, copies of all stock purchase agreements, evidence of all securities filings, and records of all option and token grants. Delaware permits uncertificated record keeping through electronic means, which can reduce costs and improve efficiency. The capital table should be treated as a living document, updated in real time as issuances, exercises, and transfers occur. Investors will scrutinize your cap table during due diligence, and errors or gaps erode confidence quickly.</p><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide-e68?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading Web3 vs. the Law ! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide-e68?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://davidlopezkurtz.substack.com/p/the-crypto-startup-guide-e68?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><h4><em><strong>What kind of lawyer would I be without a disclaimer?</strong></em></h4><p><em>Everything I post here constitutes my own thoughts, should only be used for informational purposes, and does not constitute legal advice or establish a client-attorney relationship (though I am happy to discuss if there is something I can help you with). I can be reached via email at dlopezkurtz@crokefairchild.com on telegram @davidlopezkurtz on twitter @lopezkurtz and on LinkedIn <a href="https://www.linkedin.com/in/david-lopez-kurtz/">here</a>.</em></p><p></p>]]></content:encoded></item></channel></rss>