The global financial and digital asset landscape has been radically changed by the introduction of blockchain technology, decentralized finance (“DeFi”), tokenized ecosystems and Decentralized Autonomous Organizations (“DAOs”). DAOs represent a novel organizational structure where governance and operational choices are made via smart contracts, on-chain voting mechanisms, and decentralized consensus protocols instead of the typical centralized corporate administration. That said, although DAOs are decentralized, regulators in different countries are starting to look more closely, from a legal and compliance angle, at how DAOs are run, how they issue tokens and manage their treasuries, and the crypto-related financial services they provide. In today’s regulatory environment, blockchain projects, DAO members, token issuers, exchanges, wallet providers and Web3 enterprises need to conduct rigorous legal and regulatory due diligence before initiating operations. Regulatory bodies around the world are implementing or have implemented licensing and compliance regimes to deal with a number of issues such as anti-money laundering (“AML”), counter-terrorist financing (“CTF”), investor protection, cyber security, sanctions compliance, consumer fraud and the integrity of the financial markets.
Failure to comply with applicable legal responsibilities can lead to substantial civil, administrative and criminal liabilities for projects and stakeholders, including enforcement procedures, financial sanctions, suspension of activity and reputational harm. The standard definition of a DAO is an organizational form that is based on blockchain technology and governed by programmable smart contracts and community voting procedures. Governance choices, such as protocol upgrades, treasury allocations, operational adjustments, and ecosystem growth plans, are often made by token holders or authorized participants. But regulators often look at whether a DAO is truly decentralized in reality, or whether control effectively rests with recognized founders, engineers, treasury signers or governance facilitators.
Where a small number of persons retain material operational power, regulatory authorities could consider the DAO as an unincorporated association, partnership or centralized business for the purposes of duty attribution and regulatory enforcement. Accordingly, DAO members and protocol operators must be aware of the importance of creating proper legal wrapper organizations such as foundations, limited liability corporations (“LLCs”), non-profit groups or offshore corporate structures. Such entities can help lessen governance issues, ease contract complexity, ensure uptime and provide limited liability protection for contributors and token holders. In addition, the lack of a legal framework might cause confusion concerning tax issues, dispute resolution, implementation of contracts and regulatory accountability.
Crypto asset enterprises and DAO ecosystems may also be subject to licensing, registration or authorisation requirements depending on the nature of the services supplied and the jurisdictions where such services are performed. Many countries have adopted licensing frameworks for Virtual Asset Service Providers (“VASPs”) based on the recommendations of the Financial Action Task Force (“FATF”). Typical operations such as the supply of cryptocurrency exchange services, custodial wallet services, fiat/crypto conversion services, crypto transfer services, brokerage services and the administration or custody of virtual assets are expected to fall within the scope of the VASP rule. Organizations involved in these activities may be required to register with financial regulators or Financial Intelligence Units (“FIUs”) and to have rigorous AML and KYC compliance procedures.
Such compliance regimes often involve customer due diligence processes, sanctions screening methods, suspicious transaction monitoring systems, risk-based compliance programs, record-keeping requirements and reporting obligations. Regulators are putting more pressure on crypto firms and service providers linked to a DAO to put in place rigorous internal controls to identify and deter unlawful movements of currency. Failing to hold the required registrations or to maintain legally compliant AML systems could result in serious enforcement actions, including fines, limits on operations and criminal prosecution under the relevant financial crime legislation.
One of the significant legal issues is whether securities laws apply to governance tokens, utility tokens, staking arrangements and tokenized investment vehicles. The relevant characteristics include the expectation of profits, reliance on the managerial efforts of others, centralized promotional activities, the speculative nature of the investment, and revenue sharing arrangements. Such elements may be used by the regulatory authorities to establish that a token is a “security” or an “investment contract”. If a token is determined to be a regulated security, the issuer and other relevant parties may be subject to securities registration requirements, disclosure obligations, prospectus requirements, broker-dealer license requirements or collective investment scheme prohibitions.
Managing a DAO treasury also presents serious regulatory and fiduciary problems. Many DAOs hold large economic value in the form of treasuries of cryptocurrencies, governance tokens, stablecoins and tokenized assets. In cases where user funds or treasury assets are handled by treasury signatories, operators of multisignature wallets or protocol administrators, authorities may impose additional compliance duties with respect to custody, cybersecurity, financial reporting and operational governance. In some jurisdictions, custodial services for digital assets may be required to be licensed and subject to stringent operational controls such as asset segregation, cybersecurity audits, insurance protections, and internal control mechanisms. Even if DAOs do have decentralized branding, legal blame may still fall on identified developers, governance members, treasury operators and funders in the event of illicit conduct, failure to comply with rules or operational negligence. Voting mechanisms that let token holders ratify governance proposals may not necessarily protect participants from responsibility if such activities contribute to securities offenses, sanctions violations, financial misconduct or consumer harm. As such, DAOs should adopt clear governance procedures, voting record-keeping systems, treasury approval controls, conflict-of-interest safeguards and compliance monitoring methods to eliminate legal uncertainty and enforcement risk. Another key legal difficulty for DAOs and crypto companies is the extraterritorial application of law.
Blockchain networks are fundamentally global, and protocol users, token holders, validators and liquidity providers are typically located in multiple jurisdictions simultaneously. Depending on where a project’s customers are located, its marketing efforts, how it distributes tokens, its treasury activities and its income-producing strategies, this can inadvertently create licensing, reporting or tax obligations in different countries. The European Union, Singapore, Switzerland, the United Arab Emirates, the Cayman Islands and the British Virgin Islands have introduced or are creating crypto-specific regulatory regimes that seek to strike a balance between innovation and compliance control. By comparison, many other nations have rigid or unpredictable regulatory systems which might increase operational and enforcement risk for blockchain enterprises. With the ever-changing regulatory environment, DAOs and crypto companies should think about legal and compliance challenges from the outset of a project’s development.
Such measures may include the establishment of legally recognised entities, the development of governance constitutions and operational policies, the implementation of AML and KYC compliance systems, the undertaking of token classification assessments, the performance of independent smart contract audits, the adoption of cybersecurity safeguards and the engagement of experienced legal and regulatory advisors. Robust compliance programs reduce the risk of regulatory enforcement and increase the institution’s reputation, investor confidence, access to financial services and ability to operate sustainably over time. To summarize, DAOs and decentralized ecosystems are a revolution in the digital economy, but decentralization is not a free pass from regulatory scrutiny or legal obligation. Governments and financial authorities globally are focusing more on governance structures, token issuance activities, treasury management systems and virtual asset services to ensure compliance with applicable laws and financial regulations. Therefore, DAO founders, developers, governance participants and crypto companies need to adopt a legally sound and governance-centric operating model to mitigate risk, ensure regulatory defensibility and promote sustainable growth in the fast-evolving Web3 ecosystem.