Crypto Clarity Is Up to Congress: Taking Stock of the Latest Lummis‐​Gillibrand Bill

Jack Solowey and Jennifer J. Schulp

Last Wednesday, July 12, an updated version of the Lummis‐​Gillibrand Responsible Financial Innovation Act (RFIA) became public. The updated RFIA, like its predecessor, looks to tackle crypto regulation comprehensively, covering in its 274 pages major topics including market structure, crypto exchanges, stablecoins, illicit finance, and taxation.

The proposal confronts the reality of longstanding legal uncertainty for American crypto market participants. Last week’s highly anticipated order in the case of Securities and Exchange Commission v. Ripple Labs, Inc., along with both the RFIA in the Senate and ongoing efforts in the House, all demonstrate that there’s still significant work to be done before the United States can credibly claim regulatory clarity for crypto.

The RFIA takes important steps toward providing more legal certainty to U.S. market participants, but on some of crypto policy’s most nettlesome questions there remains room for improvement. We offer our initial thoughts on the RFIA’s market structure, crypto exchange, and stablecoin components below. (Our colleague Nicholas Anthony will cover the illicit finance and taxation portions in forthcoming posts.)

Market Structure

One of the most hotly contested issues in crypto policy is the seemingly endless debate over whether and when a crypto token is properly considered to be a security or a commodity under U.S. law. The RFIA takes a swing at this issue by seeking to establish the concept of a crypto token as an “ancillary asset.” The idea is that while a crypto token may be sold pursuant to a type of securities transaction known as an investment contract, the token itself need not be considered a security.

Under the RFIA, the Commodity Futures Trading Commission (CFTC) would have exclusive jurisdiction over a crypto token that qualifies as an ancillary asset but not the “security that constitutes an investment contract.” To qualify as an ancillary asset, the token must not offer the holder any financial rights in a business, such as to debt or equity, liquidation, or interest or dividend payments.

The Securities and Exchange Commission (SEC), however, would have a role to play: where the average daily aggregate value of transactions in the ancillary asset exceeds a certain threshold and where the issuer engaged in “entrepreneurial or managerial efforts that primarily determined the value of the ancillary asset,” the issuer would be required to file detailed disclosures with the SEC. (Where the issuer certifies—and the SEC does not reject—that those efforts have ceased, disclosures are no longer required.) When the issuer complies with the disclosure requirement, ancillary assets owned by the issuer or affiliates will be “presumed” to be commodities and not securities. This presumption could be overturned by a court finding that an ancillary asset does confer a financial right.

Required disclosures to the SEC hinge on whether the issuer is engaged in relevant entrepreneurial or managerial efforts. This “efforts” language is familiar; the third prong of the Howey test for investment contracts asks whether the purchaser “is led to expect profits solely from the efforts of the promoter or a third party.” This element is frequently key to thinking about whether a crypto token should be treated as a security. One reason is that crypto technology allows token projects to develop such that the issuer’s efforts are no longer essential to the functioning or benefits of the project—in other words, projects can become decentralized.

The RFIA does not explicitly invoke decentralization when it comes to classifying crypto tokens as securities or commodities, but it implicitly grapples with the concept to some extent by incorporating the third prong of Howey. Perhaps for that reason, the RFIA’s co‐​author Senator Kirsten Gillibrand (D‑NY) told Yahoo! Finance that, at least in general, decentralization is relevant in determining a token’s legal character: “If it meets the Howey test, then it’s a digital security. If it does not, and it is fully decentralized and has the hallmarks of a commodity, then it’s a digital commodity.”

One benefit of the “ancillary asset” approach is that it potentially streamlines the token classification process. Nonetheless, as the RFIA’s effort to implement the approach demonstrates, it remains difficult in practice to avoid the “efforts of others” concept given the realities of existing (and convoluted) capital markets regulation and the characteristics of crypto. And in incorporating the idea of entrepreneurial or managerial efforts without further defining it—such as by more explicit reference to and definition of a decentralized token network—the current version of the RFIA leaves important questions unanswered.

Fortunately, one place to turn for such a definition—in addition to other proposals—would be the RFIA itself, which defines a decentralized crypto asset exchange (DEX). The RFIA largely defines DEXs as software where no person, or group of people agreeing to act together, can unilaterally control that protocol, including by altering transactions or functions. That’s a sound place to begin defining a decentralized token network as well.

In addition, distinguishing the token from the investment contract “arrangement or scheme” through which the token is offered or sold can leave questions about the investment contract itself. As noted above, under the RFIA, the SEC would retain jurisdiction over the investment contract. Yet the bounds of that jurisdiction are not clearly circumscribed. For example, would SEC jurisdiction over the investment contract be strictly limited to primary market token sales between the issuer and the counterparty, or could the SEC also extend its investment contract jurisdiction to secondary market token sales on theories related to the overall arrangement or scheme? Nothing about the SEC’s recent crypto enforcement activity suggests anything other than a willingness to aggressively assert, or expand, its jurisdiction. And the recent Ripple opinion, while containing important implications for secondary markets in crypto assets, expressly left open the question of whether secondary market token sales constituted offers and sales of investment contracts. If the RFIA envisions SEC crypto jurisdiction as covering only primary—not secondary—market token sales, it should say so unequivocally.


The RFIA contains provisions addressing both centralized and decentralized crypto asset exchanges. The bill requires any trading facility offering a market in crypto assets or stablecoins to register with the CFTC as a crypto asset exchange. Registered exchanges must both confirm that ancillary assets meet applicable disclosure requirements before they’re listed, as well as comply with core exchange principles, including safeguarding systems and customer assets, monitoring trading to provide an efficient market and prevent manipulation, and providing price and trade volume information.

While making important strides to define decentralized exchanges, as described above, the RFIA leaves somewhat uncertain their ultimate regulatory obligations. On the one hand, some sections regulate DEXs only indirectly by imposing risk management requirements on the centralized institutions that interact with DEXs, not the DEXs themselves. That registered crypto asset exchanges are subject to specific requirements regarding their interactions with decentralized crypto asset exchanges also suggests that the former (registered exchanges) does not necessarily include the latter (DEXs). Similarly, the RFIA defines a crypto asset exchange to expressly include a “centralized or decentralized platform” only for purposes of a tax provision, implying that the term crypto asset exchange is not generally meant to cover both centralized and decentralized platforms when used elsewhere in the bill.

On the other hand, by amending the Commodity Exchange Act’s definition of “trading facility,” which excludes systems that allow for bilateral transactions, to clarify that decentralized crypto asset exchanges that allow for multiple bids and offers to interact are distinguishable from such excluded systems, the RFIA suggests that at least some DEXs could be considered trading facilities subject to crypto asset exchange registration requirements. How exactly a DEX that enables trading pairs of crypto assets would mesh with this provision is perhaps open to interpretation.

Given these questions, the RFIA should make more explicit that disintermediated crypto exchange protocols are not subject to inapt requirements designed for centralized intermediaries.


The RFIA would only permit “depository institutions,” such as banks, credit unions, and savings associations, to issue payment stablecoins (tokens redeemable on a 1‑to‑1 basis with instruments denominated in U.S. dollars). Notably, the RFIA would amend the definition of depository institution under the Federal Reserve Act to incorporate a category of “covered depository institutions” that includes non‐​banks exclusively engaged in issuing payment stablecoins and approved to operate by the Office of the Comptroller of the Currency (OCC) or a similar state authority. Under the RFIA, such OCC‐​authorized payment stablecoins would not be required to maintain federal deposit insurance.

It’s welcome when a bill allows for the operation of stablecoin issuers beyond federally insured depository institutions. Nonetheless, in giving federal banking regulators discretion to reject applications of prospective stablecoin issuers on the basis of subjective and open‐​ended criteria beyond basic reserve and disclosure requirements, the RFIA risks further constraining future payment services competition.

Concluding Thoughts

Providing clarity to crypto entrepreneurs, developers, and users in the United States remains a work in progress. Even with important case law evolving in the courts, Congress ultimately must provide a stable and practical framework for U.S. crypto policy.

Decentralization Defined: House Crypto Discussion Draft Offers a Glimmer of Hope for U.S. Crypto Policy

Jack Solowey and Jennifer J. Schulp

While the Securities and Exchange Commission (SEC) leans into regulating crypto by enforcement, lawmakers in the House are looking to lay a foundation for rationalizing U.S. crypto policy—releasing a Digital Asset Market Structure Discussion Draft last Friday and holding a pair of hearings this past Tuesday and next.

The Discussion Draft, while in early days, gets the big question right: it would determine whether crypto tokens are securities or commodities largely based on whether the networks over which they operate are decentralized. In addition, the Discussion Draft would help provide regulatory clarity to crypto marketplaces through long‐​sought pathways for lawfully registering certain crypto exchanges. While the draft would benefit from some modifications—including to the process for certifying network decentralization and the treatment of decentralized marketplaces—this legislative effort would bring much‐​needed clarity to U.S. crypto policy by tackling its thorny questions.

In a microcosm of the SEC’s years long effort to use the inexact fit between legacy securities laws and modern crypto markets to declare most U.S. crypto activity unlawful, the SEC on Tuesday filed a complaint alleging that U.S.-based crypto exchange Coinbase operates an unregistered securities exchange. Congressman French Hill (R‑AR) dryly dubbed it “an interesting coincidence” that the complaint was filed on the same day the House Agriculture Committee held a hearing on the Discussion Draft. Coinbase maintains the tokens it lists are not securities and that it would be happy to register with the SEC if only the Commission would let it.

The poor fit between existing rules and reality stems from the challenge of squaring securities laws designed for centralized firms and financial intermediaries with a crypto ecosystem that includes tokens generated by decentralized networks and traded via disintermediated protocols. Compounding this challenge is the fact that centralized crypto projects can decentralize over time.

The Discussion Draft, to its credit, grasps these nettles. Understanding how is a matter of understanding the security versus commodity debate. A classic security is a share of stock—a partial ownership stake in a company and claim on assets and profits. A stock’s value typically depends on how well a company and its managers perform, so securities regulation seeks to make managers share information relevant to that performance. A classic commodity, by contrast, is a piece of produce (like, say, an orange) that’s standardized and interchangeable. Its value typically depends on supply and demand.

Those arguing crypto tokens are securities analogize them to stocks: they can be sold to raise funds to build out projects and also can be viewed as proxies for those projects’ value.

Those arguing crypto tokens are commodities analogize them to produce. In a famous Supreme Court case on the nature of securities—which is tediously but unavoidably recounted in any crypto regulation discussion—the Court assessed whether an orange grove seller’s scheme to contract with land purchasers to manage orange sales and give them a cut constituted a securities arrangement. It was a securities scheme, the Court reasoned, because the seller’s efforts to manage the operation were essential. Those who argue crypto tokens are commodities point out that while certain token sales may resemble the contract in the orange grove case, the tokens themselves are best analogized to the oranges, which remained commodities notwithstanding the securities scheme.

The Discussion Draft enters this fray by identifying that crypto tokens are neither inherently like stocks nor oranges, but rather resemble one or the other depending on whether there are managers—like the executives at a company or citrus enterprise—controlling the token network.

The Discussion Draft does this through a legal test for whether a crypto project’s network is decentralized. At a high level, it defines a decentralized network as one where no person could unilaterally control, materially change, or restrict general users’ use of the network. In addition, the definition requires that within specific lookback periods, certain persons closely related to the network project have not held or controlled over 20 percent of the network’s outstanding tokens or voting power, contributed intellectual property that materially changed network functionality, or marketed the network or its tokens or issued those tokens, and that certain token issuances were nondiscretionary.

Although it’s possible to quibble over certain details—such as the arbitrariness of a 20 percent holdings cut off and who qualifies as a closely related person—the definition incorporates some key decentralization features, namely the absence of: unified and discretionary control, reliance on or susceptibility to closely related parties’ material contributions or changes, and gatekeeping that excludes general users.

Decentralization is key to the regulatory framework proposed in the Discussion Draft because it is a core component (along with a network becoming “functional”) of the definition of a “digital commodity.” Digital commodities, as laid out by the Discussion Draft, do not require the same ongoing disclosures by issuers as other digital assets (though they are subject to listing disclosures on registered digital commodity exchanges) and may generally be offered and sold by any person other than a closely related party. Importantly, such digital commodities are expressly excluded from the definition of securities and are generally subject to the exclusive jurisdiction of the Commodity Futures Trading Commission (CFTC).

While the Discussion Draft framework is complex, this is largely an unavoidable consequence of the existing “byzantine” U.S. capital markets regulatory regime. Moreover, the framework is appropriately premised on the presence, or lack, of core risks that securities laws seek to address: information asymmetries from managerial bodies.

Even with a legal definition of decentralization that gets to the heart of managerial control, though, there’s the challenge of identifying decentralization in the wild. To address this, the Discussion Draft proposes a process where any person can seek to certify to the SEC that a network is decentralized. Certification will occur by default within 30 days unless the SEC issues a stay or rebuttal explaining its decision. Notably, the SEC will be able to reconsider certifications annually and, where appropriate, cancel them. The certifying party may appeal both initial SEC rebuttals, as well as later cancellations.

It’s probably inevitable that the process for certifying decentralization before a regulator is going to be an intellectually unsatisfying exercise in Gordian knot cutting. Helpfully, the certification process would allow “any person” to initiate a certification, which recognizes that in the case of a truly decentralized network, there’s no single party that must be the one to provide relevant information. For that same reason, the proposed appeals process should similarly allow any person—not just the initial certifying party—to appeal an SEC rebuttal or cancellation. This is particularly important in the case of the cancelled certification of a genuinely decentralized network, where the initial certifier may no longer be in a prime, or any, position to appeal.

Another wrinkle is that leaving the process to the SEC assumes crypto projects are properly subject to SEC jurisdiction unless proved otherwise. While some projects would appropriately begin life under SEC jurisdiction, others, like Bitcoin, would not. One way to resolve this would be to involve the SEC only where the network’s digital asset previously was part of a securities transaction, such as a traditional private offering or the novel exempt digital asset offering provided for in the Discussion Draft, and otherwise leave the process to the CFTC.

The Discussion Draft also grapples with the fact that, like tokens themselves, the marketplaces over which they trade also may be decentralized. And similar to how a lack of managers makes applying traditional securities regulation inappropriate, the lack of a financial intermediary in the case of a crypto marketplace makes applying traditional exchange regulations inappropriate as well.

Importantly, the Discussion Draft recognizes that decentralized finance (DeFi) is different from intermediated finance, and, in addition to defining DeFi, provides for the SEC, CFTC, and Government Accountability Office to provide DeFi studies to Congress. Further, the Discussion Draft expressly exempts from both securities and digital commodities exchange requirements certain “ancillary activities” related to operating a blockchain network, including compiling and validating transactions; operating a pool; providing computing and incidental transaction services; providing a user‐​interface to interact with a blockchain network; and developing, publishing, and maintaining a blockchain network or digital wallet software or hardware systems.

These provisions could be read to cabin off the activities of decentralized exchanges (DEXs), yet reasonable minds may disagree. For one, while SEC rule revisions under the Discussion Draft must permit disintermediated trading in covered assets, that such rules must be “consistent with what is necessary or appropriate in the public interest or for the protection of investors” suggests that at least disintermediated exchange of digital asset securities would likely face some degree of regulation. In addition, although the ancillary activities are broad enough and incorporate enough DEX‐​related concepts to be read to create exemptions for DEX activity, the fact that the definition of DeFi and listed ancillary activities are not coterminous leaves the question open to debate. To head off some of this ambiguity, the DeFi definition could, for example, state that it should not be construed to mean that DeFi is not otherwise covered by ancillary activities.

Finally, residual sources of potential regulatory landgrabs in the Discussion Draft’s framework should continue to be limited and clarified. In particular, there are several points where the framework would give the SEC and CFTC the authority to set standards or impose requirements on any basis that the agencies determine to be in the public interest.

Judging by SEC Chair Gensler’s recent remark that “we don’t need more digital currency,” one such landgrab would seem to be transforming the SEC into the merit regulator it never was meant to be. To borrow a line from House Agriculture Committee Chairman GT Thompson (R‑PA) at Tuesday’s hearing, the SEC’s current approach is no way “to govern a market, adequately protect customers, or promote innovation.” The Discussion Draft offers an opportunity to reverse this course and bring clear thinking to crypto policy.

How to Upgrade House Stablecoin Bill 2.0 to Version 2.1

Jack Solowey and Jennifer J. Schulp

Tomorrow, the House Financial Services Committee’s Digital Assets Subcommittee will hold another hearing on stablecoins (crypto tokens pegged to the value of another asset like the U.S. dollar).

Ahead of the hearing, the Subcommittee released two new discussion drafts of stablecoin legislation, a 74‐​pager and a 34‐​pager. These drafts appear to be the reported separate partisan efforts by Democrats and Republicans after they essentially disowned an earlier bipartisan draft—the “ugly baby” they were at one point co‐​parenting.

Whereas the 74‐​page draft is strikingly similar to the “ugly baby,” the 34‐​page draft—call it “Bill 2.0”—is a more significant update. While the longer draft would increase federal authority to disapprove certain stablecoin issuers—empowering the Federal Reserve Board of Governors (“Fed Board”) to deny required registrations by state‐​approved stablecoin issuers—Bill 2.0 would open the door to more kinds of stablecoin issuers, permit technological experimentation, and help to clarify longstanding jurisdictional issues.

At a high level, U.S. stablecoin policy should allow for a competitive stablecoin market composed of diverse issuers. Doing so means establishing objective standards for collateral and disclosures and restricting regulatory discretion that can choke off competition and privilege insiders. Bill 2.0 contains important upgrades that could help the U.S. get closer to this goal, and a version 2.1 could help patch its additional bugs.

Ideally, stablecoin legislation should focus on the asset‐​backed stablecoins (those designed to be fully backed by collateral) that constitute the vast majority of the current market. Bill 2.0 appropriately maintains this focus, eschewing ideas like temporary bans on certain algorithmic stablecoins.

Stablecoin legislation also should enable competition and inclusion by allowing a larger pool of potential market entrants, including networked businesses (like social and e‑commerce platforms) and brands trusted by diverse communities. Bill 2.0 helpfully rejects prohibitions on non‐​financial businesses being allowed to issue stablecoins.

Last, stablecoin legislation should resolve the regulatory ambiguity and avoid allowing the regulatory discretion that threatens the development of a competitive U.S. stablecoin market. Bill 2.0 takes an important step toward resolving jurisdictional ambiguity in the U.S. by amending securities laws to exempt covered stablecoins from the definition of securities.

But, while moving in the right direction, Bill 2.0 has shortcomings when it comes to restricting regulatory discretion. A version 2.1 could help fix these bugs to ensure, for example, that regulators are not granted broad authority to prohibit stablecoin issuers from entering the market based on vague criteria.

Under Stablecoin Bill 2.0 there are three types of “permitted payment stablecoin issuers”: (1) federally approved insured depository institutions (e.g., banks and credit unions); (2) federally approved nonbank issuers; and (3) state‐​approved issuers.

With respect to federally qualified bank and nonbank stablecoin issuers, Bill 2.0 would empower federal regulators to deny these issuers’ applications where their activities are found to be “unsafe or unsound” in light of the “risks presented by the applicant and the benefits provided to consumers.” Weighing the risks and benefits to consumers of a stablecoin issuer on safety and soundness grounds creates an overly vague standard by which to reject new market entrants.

Digital asset policy should indeed be risk‐​based; however, Bill 2.0 already addresses the primary risks of stablecoins—that issuers don’t have the reserve assets they claim to—in an entire section devoted to collateral, disclosure, audit, certification, capital, liquidity, and risk management requirements (“basic operating requirements”). Regulators shouldn’t be granted a trapdoor to deny applicants that otherwise meet those standards.

Moreover, where downside risks (e.g., that a stablecoin will “depeg” due to inadequate collateral) are already addressed, regulators should not be concerned with the benefits of a prospective stablecoin issuer. An applicant should not have to demonstrate its merit before being allowed to operate lawfully, as consumers can decide whether they find a project’s benefits compelling enough to pursue.

That any one pathway to becoming a stablecoin issuer likely will never be perfect is itself an argument for the utility of Bill 2.0’s state approval pathway—which, at a high level, allows each U.S. state and territory to devise its own approval standards for stablecoin issuers, provided the issuers also comply with the abovementioned basic operating requirements. Allowing the laboratories of democracy to experiment with their own standards could help further diversity among stablecoin issuers and thereby promote both competition and financial inclusion.

Nonetheless, although Bill 2.0 makes strides in paring away requirements for state‐​approved issuers to also jump through federal registration hoops, it leaves open possible federal rulemaking and enforcement channels that go beyond regulations merely implementing basic operating requirements.

One such rulemaking provision is found in a section otherwise devoted to the approval of federally qualified stablecoin issuers. But nothing in the provision itself suggests it can’t be read to allow for rules applying to state‐​qualified issuers as well, which would then subject such state‐​qualified issuers to general “rules necessary for the regulation of the issuance of payment stablecoins.” Ideally, the provision should make clear that the rules made under it wouldn’t apply to state‐​qualified issuers. But, at a minimum, the provision should clarify that these rules also must not go beyond implementing the basic operating requirements, whereas at present the limitation is only that the rules must not be “inconsistent” with such requirements.

As for enforcement, Bill 2.0 also could be read to expand federal authority over state‐​qualified stablecoin issuers beyond the enforcement of basic operating requirements. Although the enforcement section’s own rulemaking provision appropriately refers to rules and orders regarding basic operating requirements, an additional section on “Enforcement Authority in Exigent Circumstances” grants the Fed Board wide latitude to define those “exigent circumstances” in which the Board may take enforcement actions against state‐​qualified issuers.

For one, the Fed is not the optimal regulator of stablecoin issuers. Not only is the Fed as a monetary policy specialist not well‐​suited to regulatory work, as Brookings’s Aaron Klein argues, but also where the Fed perceives private stablecoin issuers as competitors with its own services—such as Federal Reserve deposits or the FedNow system—the Fed faces a conflict of interest. This conflict becomes even greater the more discretion the law affords.

In addition, giving any regulator the power to define its own rules regarding exigent circumstances and take enforcement measures accordingly creates wide leeway to devise new regulatory priorities beyond the basic operating requirements determined by Congress. It also allows the regulator to take discretionary actions against institutions on an ad hoc basis. Such enforcement authority also should be limited to addressing only violations of rules implementing basic operating requirements.

The House Financial Services Committee is distinguishing itself among U.S. government bodies by doing the hard work to thoughtfully address the digital asset ecosystem’s thorny questions. Stablecoin Bill 2.0 is an important step in the right direction, but the Committee could do more to foster a diverse and competitive market by making updates to produce version 2.1.