It’s an unfortunate habit, but federal agencies tend to announce enforcement actions and rulemakings at the end of the day on Fridays, especially Fridays before a holiday. For crypto, last Friday was one of those “take out the trash days” for both the SEC and the IRS.
The SEC announced an enforcement action against Consensys over its Metamask wallet, which the Commission alleges is an unregistered broker, and for facilitating access to non-custodial staking services from Lido and Rocket Pool, which it argues constitutes unregistered securities issuance. Later in the day, the IRS announced a final rule in its broker rulemaking that will define who, amongst custodial crypto intermediaries and also, potentially, non-custodial wallet developers, must do third-party tax reporting.
Not all agency news came from the agencies, however; the Supreme Court also had a big week. It published an opinion in the Loper Bright case that overturned the Chevron doctrine of deference to agency interpretation of statutes.
We have previously written about all of these legal areas in other contexts, so let’s go through that past work to explain and see what we can learn from the current developments.
The SEC, Consensys, and Staking
SEC v. Consensys will be highly fact dependent so we will hold off doing an in-depth analysis until we know exactly what the government is alleging and how Consensys responds in its briefs. Generally, though, the SEC is alleging that Consensys is an unregistered securities broker and that it has offered unregistered securities in the form of Lido and Rocket Pool liquid staking tokens. Let’s take those allegations in turn.
Broker registration: core to Consensys’ business is an open-source non-custodial Ethereum wallet, Metamask, and it is through this software that the SEC alleges Consensys offers brokerage services. We have previously written extensively on the topic of permissioned-based regulation (registration) of software developers by the SEC. This first came up in 2022 when the SEC published a notice of proposed rulemaking that threatened to expand the definition of “exchange” in the Code of Federal Regulations. The current definition of exchange regulates conduct: “bringing together orders” and “using methods” to effectuate trades. The new proposed definition would regulate speech as exchanges: “bringing together buyers and sellers” and “making available” “communications protocols.” Drawing parallels with a 1985 case on investment advisor registration (Lowe v. SEC), we argued in comments to the SEC that its expanded “exchange” definition was facially unconstitutional because it would create a prior restraint on protected speech activities like publishing software.
The brokerage allegation in the Consensys case is about registering as a broker (under the current rules) rather than registering an exchange (under the proposed rule) but, regardless, it is also a registration requirement and would, following the same analysis in our comment letter, be an unconstitutional prior restraint on speech if the facts show that Consensys’s alleged non-compliant conduct is within the realm of protected speech.
We eagerly await arguments in this case and hope Consensys can compellingly show that it is not engaged in regulatable conduct as a broker, but rather is protected as a publisher of expressive speech. There must be a First Amendment limit to broker registration requirements just as there is a limit to investment advisor registration articulated by the Supreme Court in Lowe.
Recent case law shows that even without leveraging First Amendment defenses, Consensys could prevail simply by arguing that it doesn’t fit the broker definition. In SEC v. Coinbase, the Southern District of New York has held that merely providing users with cryptocurrency wallet software does not constitute brokerage services under the relevant case law:
While [Coinbase] Wallet provides access to or links to third-party services, such as DEXs, the SEC does not allege that Coinbase performs any key trading functions on behalf of its users in connection with those activities. As the Complaint acknowledges, Coinbase has no control over a user’s crypto-assets or transactions via Wallet, which simply provides the technical infrastructure for users to arrange transactions on other DEXs in the market. …
[W]hile Wallet helps users discover pricing on decentralized exchanges, providing pricing comparisons does not rise to the level of routing or making investment recommendations. See Rhee v. SHVMS (“Merely providing information … does not implicate the objectives of investor protection under the Exchange Act and does not constitute effecting a securities transaction.”). Similarly, the fact that Coinbase has, at times, received a commission does not, on its own, turn Coinbase into a broker. See id. (“Commission-based payment, standing alone, is not dispositive of whether a party acts as a broker-dealer under the Exchange Act.”).
So far as we know, the Metamask wallet functions similarly to the Coinbase wallet: it aggregates information, provides access to or links to third-party DEX protocols, and does not afford Consensys any control over a user’s crypto assets. If that comparison is accurate, then the same reasonable analysis offered by Judge Failla in the Coinbase case should apply and the unregistered broker claim should be similarly dismissed.
Liquid Staking Tokens: Apart from the broker allegations, the SEC is also arguing that Consensys is offering unregistered securities when it facilitates the minting of liquid staking tokens by Metamask users. The tokens in question are Lido and Rocket Pool’s stETH and rETH tokens. As a first pass, a similar defense as in the Coinbase Wallet case should apply. To our knowledge, Consensys does not offer or control the Lido or Rocket Pool services. Those are smart-contract-based tools on the Ethereum blockchain that were developed by others. To our knowledge, Metamask merely provides links and information about those services to its users. That conduct should not rise to the level of “offering” for the unregistered securities offering charges, and regulating that conduct has similarly strong First Amendment implications: the wallet is doing little more than curating and republishing already public information from the Ethereum blockchain to the user. The Wall Street Journal can’t be made to get a license before it reports stock prices and ticker symbols to its readers. Again, however, the court will need to have a full picture of the facts before it can rule on the law.
In general, staking is a complicated topic in crypto policy. It’s complicated because of the ambiguous and varied nature of the term’s usage in crypto (in custodial staking services, non-custodial staking tools, and individual participation in proof-of-stake protocols). We have previously explained the different types of crypto staking in a backgrounder, and we also offered our analysis of why custodial staking services may well be within the SEC’s jurisdiction because of the Gary Plastic case:
In Gary Plastic, Merrill Lynch offered certificates of deposit (CDs) to its customers alongside an option to sell the CD before maturity, as well as additional promises to find the best CD interest rates and collect on FDIC insurance on customers’ behalf should the original CD issuer fail. The court rightly found that CDs themselves were not securities but that the offer of both the CD and the additional promises were, taken together, a security. In the case of staking rewards the analogy should be clear. The cryptocurrency itself may not be a security but the promise to hold it and stake it safely and profitably on the network as well as provide a liquid market for future sales of the cryptocurrency may be a security under the Gary Plastic standard.
That said, non-custodial staking services like Lido and Rocket Pool do not involve the same additional promises to users that are offered by custodial entities. As we wrote:
Following the Gary Plastic standard discussed above, staking services should not trigger securities regulations. The customer is never depositing their money with the service provider, and the provider is not promising anything beyond technical capacity like server maintenance. That said, this area is rapidly evolving, and every particular economic arrangement should (and will) be judged on its own merits.
The SEC’s lawsuit is further complicated by the fact that it is not even going after the Lido or Rocket Pool developers for these staking activities, but is instead going after Consensys, the developer of a wallet used by individuals to access third-party staking services. This is a frustratingly convoluted way for the SEC to police activities in a space that it presumes, perhaps wrongly, is within its jurisdiction. It’s not at all clear that they are going after the right defendant and it’s not even clear that anyone has done anything wrong. It’d be rather like the DEA suing pipe manufacturers because people use pipes to smoke tobacco and tobacco causes cancer. (1) It’s not the pipe maker’s business or responsibility what people smoke with their pipes and (2) tobacco isn’t even a controlled substance.
It’s also deeply unfortunate that the SEC has decided to charge into this ambiguous area with an aggressive surprise enforcement action rather than first offering clearer guidance and rulemakings that give the public and any potential defendants the benefit of due process and the rule of law. Crypto wallets like Metamask are essentially just user interfaces; they are to blockchain networks what the desktop web browser is to the world wide web. If we’d taken the SEC’s current enforcement approach back in the 1990s, federal agents would have been raiding Netscape’s offices, and arresting developers because of web content their users happened to visit while using Netscape Navigator. The result would be (and is) holding the wrong people responsible for content that may not even be illegal. The result is anti-innovation and seeks centralized control over speech and discourse.
The IRS Broker Rulemaking
Just when a summer Friday couldn’t get any busier, the IRS published a final rule in its ongoing broker rulemaking. To review, remember that this definition of “broker” is not related to the securities laws definition discussed earlier. Instead, the tax-code definition of “broker” determines who is obligated to do third-party tax reporting about their clients. Typical securities brokers and also some other trusted financial intermediaries must annually file a form with the IRS describing the trades, gains, and losses of their clients, and that’s great!
For over six years, Coin Center has repeatedly argued that custodial cryptocurrency exchanges, like Coinbase and Kraken, already fit under the existing definition of “broker” in the tax code, and that the IRS therefore should issue guidance explaining the details of how those entities can and should do third party reporting. The IRS was chronically late with this guidance despite repeated urging from us, the exchanges themselves, and members of Congress.
Rather than issuing that guidance, the IRS and Treasury actively lobbied members of Congress to amend the tax laws, expanding the definition of “broker” within the cryptocurrency ecosystem to a vague and unreasonable scope that would include “decentralized exchanges” and “unhosted wallet providers.” Why the IRS decided to pursue this ambitious legislative strategy rather than simply using existing authority to offer clarity to centralized exchanges is anyone’s guess. It certainly wasn’t the fastest or simplest way to increase crypto tax revenue. Again, there was already plenty of statutory authority to demand third-party reporting from custodial exchanges where the vast majority of crypto trading happens and where the greatest tax revenue gains could be made by clarifying reporting standards. By now we could have verifiable records of taxpayer gains from centralized exchanges for half a decade. We don’t.
This misguided legislative strategy culminated in a fight over the Infrastructure Investment and Jobs Act in August of 2021. Treasury wanted language in the law that would cover all manner of non-custodial entities within the reporting requirements, and an early draft included, “any person who (for consideration) regularly provides any service or application (even if noncustodial) to facilitate transfers of digital assets, including any decentralized exchange or peer-to-peer marketplace.” That broad definition could clearly have been used to force miners, validators, software developers, and node-operators, among others, to surveil their fellow crypto users, report private transaction details, or else face criminal sanctions for tax law violations. Had it been adopted, the broker definition would have made the US non-competitive in the field of open blockchain technologies. Moreover, by obligating cryptocurrency developers to write surveillance technology (backdoors essentially) into their software, the law would have facially violated the First and Fourth Amendments of our Constitution.
Fortunately, we and others fought back and reasonable voices in Congress prevailed: the final text of the Act was amended to read, “any person who (for consideration) is responsible for regularly providing any service effectuating transfers of digital assets on behalf of another person.” That language simply mirrors the existing broker definition, and clarifies that trusted cryptocurrency intermediaries should be subject to the same reporting requirements as trusted securities brokers. In other words, rather than authorize a wild goose chase to force American software developers into rewriting wallet software, Congress decided to remind the IRS that it should go ahead and do what it should have done years earlier: give centralized exchanges guidance and an updated 1099 form to do third party reporting.
Nonetheless, the IRS persisted with a wild goose chase. After an unexplained further two-year delay, the IRS issued a notice of proposed rulemaking in November 2023. The proposed rule returned to the same unhosted wallet and decentralized exchange language Congress explicitly rejected during the infrastructure bill fight. As we wrote in our comment letter:
The Treasury Department is bound to enact the law as made by Congress and is not free to go beyond that authority. Broadening these definitions runs counter to the plain text of the statute as it was amended by the Infrastructure Investment and Jobs Act and it also runs counter to the intent of Congress as found within the legislative history of that law’s passage.
As before, the proposed rule threatened the First and Fourth Amendment rights of developers and cryptocurrency users:
Applying a customer disclosure requirement to persons who have no customers in the traditional sense, to persons who merely publish software, websites, or other tools, compels them to write their tools in a manner that goes directly against their closely held political and social beliefs. In other words, demanding software developers to build software tools that intentionally violate the privacy of their users compels these developers not only to speak some factual disclosure about their software users but also to speak in a deeply expressive manner a viewpoint with which they do not agree.
The rule as applied to those who merely publish software, websites, or other tools, violates the Fourth Amendment rights of the persons obligated to make reports, even under the more lenient standards for warrantless administrative searches. Additionally, to the extent any obligated persons will be made to report any information about taxpayers that is not voluntarily provided by taxpayers for a legitimate business purpose, the proposed rule deputizes service providers to engage in the warrantless search and seizure of taxpayer information in violation of the Fourth Amendment.
And again, we pleaded with the IRS to simply extend third-party tax reporting to actual trusted intermediaries in crypto as Congress had intended:
To remedy these issues, we propose a much simpler redefinition of “broker” that merely clarifies that the existing broker reporting requirements now also explicitly include brokers effecting sales of digital assets. This approach would be technology neutral, simpler to administer, and requires none of the complicated newly defined terms in the current proposal. It also, unlike the current proposal, mirrors the intent of Congress and respects the fundamental Constitutional rights of Americans.
In April of 2024 the IRS had still not finalized the proposed rule or offered any guidance to centralized exchanges. They did, however, publish a sample 1099 form that included an “unhosted wallet provider” checkbox amongst the various types of reporting brokers.
That brings us to last Friday. Almost three years after Congress passed the Infrastructure Act and at least six years since our calls for third-party reporting guidance began, the IRS published a final rule offering guidance for custodial exchanges. And what about the question of non-custodial entities? They punted:
The proposed new digital asset middleman rules that apply to non-custodial industry participants are not being finalized with these final regulations. The Treasury Department and the IRS continue to study this area and, after full consideration of all comments received, intend to expeditiously issue separate final regulations describing information reporting rules for non-custodial industry participants.
After six years the IRS has finally, thankfully, offered custodial exchanges guidance on third-party reporting. We’ll just have to wait some more to see how and when they deal with the question of non-custodial entities.
Loper Bright is the End of Chevron
Last November we published a report about the Bank Secrecy Act: Broad, Ambiguous, or Delegated: Constitutional Infirmities of the Bank Secrecy Act. Unlike our previous constitutional law work, which focused on the First and Fourth Amendments, this report focused on Chevron deference, the major questions doctrine, the nondelegation doctrine, and the modes of statutory interpretation favored by the current justices. It’s a nuts and bolts look at how courts should and should not interpret ambiguous and broad laws, like the Bank Secrecy Act, in the context of new technologies like cryptocurrencies.
Chevron deference is a doctrine of judicial deference compelling federal courts to defer to an agency’s interpretation of an ambiguous statute. In the context of the Bank Secrecy Act, Chevron could be relevant if Treasury decided, for example, that the ambiguous term “Financial Institution” included decentralized exchange software developers, Bitcoin miners, layer 2 nodes, or any other non-custodial crypto entities. That agency interpretation of an ambiguous term within a federal statute may, under the Chevron doctrine, get deference from a federal judge if it was challenged in court. If Chevron controlled, it wouldn’t matter if the judge interpreted the statutory text differently, the judge must defer to the agency’s interpretation.
As of last week and the Court’s decision in Loper Bright Enterprises v. Raimondo, that doctrine is no more. Now, if the Treasury Department were to take a similarly extreme interpretation of “financial institution” and if that interpretation was challenged in court, the judge need not defer to what the agency argues. She can, instead, do a de novo review of the statutory text to see if Congress did, in fact, intend for the Treasury to regulate these entities as financial institutions. In general, this decision is good for the rule of law and democracy. It will limit the power of unelected bureaucrats to stretch and bend the meaning of our laws to suit their prosecutorial or regulatory ambitions, and it will emphasize the need for our elected representatives in Congress to draft laws carefully and specifically (rather than assume that regulators will just figure it out on their own).
Loper Bright is also highly relevant in the context of the securities and tax laws we’ve just described. Without Chevron, a judge in SEC v. Consensys need not defer to the SEC’s own understanding of what exactly a “broker” is and whether it includes the developers of a wallet like Metamask. The judge can interpret the law herself. Without Chevron, a future challenger of the IRS’s broker rulemaking (should they ever finish the non-custodial section) can rightly argue that Congress plainly did not intend for the definition of broker to include non-custodial entities, and the judge need not defer to any alternative interpretation of the IRS.
Loper Bright levels the scales between an agency attorney and a defendant in an enforcement action or a plaintiff and an agency in a civil suit (like our Tornado Cash and 6050I lawsuits). Coin Center is excited to play on that more level field, and stands ready to defend your rights.