November 18, 2024
DELIVERED VIA EMAIL: regulations@dfpi.ca.gov
State of California
Department of Financial Protection and Innovation
Attn: Legal Division
2101 Arena Boulevard
Sacramento, California 95834
regulations@dfpi.ca.gov
Re: Second Invitation for Comments on Proposed Application-Related Rulemaking Under the Digital Financial Assets Law (PRO-02-23).
Dear Department,
Thank you for the opportunity to submit comments in response to the California Department of Financial Protection and Innovation’s (“DFPI”) invitation for comments, dated October 2, 2024, regarding DFPI’s formal rulemaking process that will implement the Digital Financial Assets Law (“DFAL”).
The Digital Sovereignty Alliance (DSA) is a nonprofit social welfare organization dedicated to advancing public understanding and advocating for responsible, ethical policies in the rapidly evolving fields of decentralized technologies, blockchain, cryptocurrency, Web3 innovations, and artificial intelligence. DSA aims to foster a society where these technologies empower individuals, protect digital rights, and drive inclusive growth. Through education, advocacy, and collaboration, DSA seeks to shape a future where technology serves humanity, safeguarding freedom, privacy, and democratic values in the digital age.
We support California’s regulation of digital asset businesses and robust consumer protections for customers of those businesses. A well-regulated digital asset industry fosters a healthy environment for digital asset businesses to operate by removing legal uncertainties which can act as barriers to innovation. More importantly, thoughtful regulation protects consumers’ interests and financial choices.
I. Summary of Comments
We respectfully request DFPI to consider the impacts of the DFAL on Decentralized Autonomous Organizations (“DAOs”), whose organization and operational structure differ from most other entities covered under the DFAL. DAOs are blockchain-based organizations, which provide for the operation and governance of the underlying blockchain in a decentralized, autonomous manner pursuant to the blockchain’s open-source code. DAOs typically lack centralized leadership and are owned by communities of members. But DAOs are not without controls, as discussed below. Moreover, the activity of all DAO participants is public and may be analyzed for potentially unsafe or unsound activity.
We respectfully request DFPI to consider the impacts of the DFAL on Decentralized Autonomous Organizations (“DAOs”), whose organization and operational structure differ from most other entities covered under the DFAL. DAOs are blockchain-based organizations, which provide for the operation and governance of the underlying blockchain in a decentralized, autonomous manner pursuant to the blockchain’s open-source code. DAOs typically lack centralized leadership and are owned by communities of members. But DAOs are not without controls, as discussed below. Moreover, the activity of all DAO participants is public and may be analyzed for potentially unsafe or unsound activity.
Given the emergence of DAOs and their recognition by a number of other U.S. states, we strongly recommend the DFPI craft regulations and/or issue guidance addressing issues uniquely affecting DAOs. Notably, because the identities and residency of natural persons are typically not known in the DAO context, we recommend waiving the requirement that a DAO license applicant disclose the number of California residents with whom the applicant engaged in digital financial asset business activity in the month preceding the application and the requirement to provide an estimate of the number of residents with whom the applicant will engage in business activity by October 1 of the year following submission of the application. We also recommend DFPI consider how the surety bonds requirement will apply to DAOs, which will face challenges as transaction activity may regularly fluctuate, and where the reserves which back digital assets are specific to a particular token, as opposed to applicable to all digital assets that are compatible with a blockchain. We recommend that DFPI clarify that a reserve of assets which serves as collateral for a given stablecoin, if audited, suffices as the necessary reserve.
Also, given the decentralized nature of DAOs, we respectfully suggest that the DPFI clarify that DAOs may be permitted to use blockchain analysis firms, such as Chainalysis, TRM Labs, or other transaction and research services, to certify information regarding participating entities on the public blockchain. Relatedly, we also request that the regulations provide alternative ways for DAOs to report relevant information in the Nationwide Multistate Licensing System & Registry (“NMLS”), including by reporting government-issued identification numbers, or in the case of decision-making entities, by reporting wallet addresses that may be researched. The NMLS forms and processes do not neatly fit a DAO’s organizational structure because DAOs do not have centralized organizational structures or official executive officers or control persons. Therefore, the DFPI should consider alternative methods by which DAOs may meet the DFPI’s goals of protecting consumers and fostering innovation.
Additionally, because DAOs do not have a log-in or check-out process, it may be difficult for DAOs to comply with the fee disclosure requirements. We respectfully request DFPI promulgate rules that permit DAOs to use a foundation, or other similar recognized organizations created to provide support to blockchain-related projects, to post the necessary disclosures for participants in the DAO. Because they are decentralized, DAOs often need a legal structure or “wrapper” to serve the directions of the DAO consensus and enable it to operate within the traditional business world. Among other such functions, these legal wrappers may serve to hold the DAO treasury, protect DAO members from third party claims,
and provide the administrative structure for DAO members to vote on governance matters. The legal wrapper may take the form of a foundation, not-for-profit LLC, or an association. However, notwithstanding the administrative or executive services provided by a foundation or other “wrapper” entity, the key decisions regarding the operation of the blockchain are made through each DAO’s set voting and governance procedures.
Finally, we strongly concur with DFPI’s inclusion of the Exemption from the Money Transmission Act for fiat money transmission by a person licensed under the DFAL, because it removes unnecessary redundancies. We also strongly recommend that California provide interstate reciprocity wherever possible, by recognizing DAOs registered and regulated in other states, like New Hampshire, without requiring a full license application submission to the DFPI, which will also serve to reduce redundancies and increase efficiencies.
II. Background Information
To clarify our comments, we have included below a list of definitions and concepts that may be useful to help understand DAOs and how they should be regulated.
a. What is a Blockchain?
A blockchain is digital ledger that records transactions and is maintained across computers that are linked in a peer-to-peer network. Blockchains are typically fully transparent, immutable, and free to use. Blockchains use cryptocurrency tokens to conduct transactions “on-chain.”
b. What is a Decentralized Autonomous Organization (“DAO”)?
A DAO is an organization managed in whole or in part by a decentralized computer program, with voting and finances handled through a blockchain. DAOs are generally owned by member communities without centralized leadership and offer an innovative and democratic means to structure organizations and their corresponding governance.
DAOs are entirely different than an exchange. An exchange is centralized, and the control persons of an exchange generally have a certain level of custody over the assets under management of the exchange. DAOs, on the other hand, are decentralized entities whose members include decision-making parties or network validators who are responsible for validating blockchain transactions and subsequently producing new “blocks” of the blockchain. On some blockchains, the network validators serve as “Super Representatives” (“SRs”) and are chosen to serve in this role by receiving the top votes from other DAO community members. Community members vote for SRs by allowing the SR to have temporary custody of their tokens, or “staking” their tokens with the SR. SRs are more akin to gatekeepers of the blockchain than to custodians over the assets on-chain. The majority of assets that are available on a blockchain are in the custody and control of the entities or individuals who created the asset-holding wallets and have sole access to the assets in their wallets.
a. What states recognize DAOs?
Vermont was the first state to recognize blockchain-based company structures when it enabled the formation of blockchain-based limited liability companies in 2018. Wyoming and Tennessee have also added accommodations for DAOs in their laws. Utah was the first state to classify DAOs as distinct legal entities, while others like New Hampshire are considering similar legislation.
b. Does a DAO have a compliance department?
While DAOs do not have directors or officers or traditional compliance departments, DAOs do comply with applicable laws and regulations. This is often accomplished through a foundation or other administrative entity that communicates with third parties, including regulators and law enforcement, on behalf of the DAO.
c. What is a “Smart Contract?”
A smart contract is a self-executing program that automates the actions required in a blockchain transaction or agreement. Once completed, the transactions are trackable and irreversible. Smart. contracts allow transactions and agreements to be carried out among anonymous parties without the need for a central authority or external enforcement mechanism.
d. What is “Stablecoin?”
A Stablecoin is a type of cryptocurrency that is pegged to another asset, such as a fiat currency. Stablecoins are designed to maintain a stable value over time and are an alternative to the volatility of other cryptocurrencies. Stablecoins are often backed by the asset to which they are pegged. For example, a dollar-based stablecoin will be pegged to the dollar and is designed to maintain a value of $1 and will be backed by a reserve of dollars held at a traditional financial institution. Stablecoins may also be backed by cryptocurrencies, such as bitcoin.
e. What is “Staking?”
Cryptocurrencies that allow staking use a Proof of Stake (PoS) consensus mechanism, with the goal of increasing speed and efficiency, while lowering fees. “Staking cryptocurrency” is the process by which token holders act as validators responsible for verifying transactions and adding new blocks to the blockchain. Validators lock their tokens into a staking contract and risk losing their tokens if they validate false transactions. In return, they earn rewards for helping to validate transactions. The voting structure for staked coins can be complex. For example, some DAOs permit any holder of the DAO’s native token to vote for representatives who collectively help protect the DAO, among which, the topmost-voted candidates will become participants in the leadership of the DAO. Under this system, the elected representatives are responsible for producing blocks and packing transactions, for which they receive voting rewards and block rewards; other entities that have received fewer votes may receive voting rewards without performing the aforementioned tasks. Many DAOs allow participants to initiate proposals to modify DAO governance and procedures or vote on changes in proportion to their amount of network tokens.
III. Comments in Response to DFPI’s Questions
a. Exemption from the Money Transmission Act for fiat money transmission by a person licensed under the DFAL, only if such fiat money transmission is incidental to regulated digital financial asset business activity.
We strongly support this exemption as it removes unnecessary redundancies in the application process.
b. The process and requirements to apply for a license, including requirements to submit application and maintain license through the Nationwide Multistate Licensing System
& Registry (“NMLS”).
We support the robust application and vetting requirements imposed by DFPI, as we agree on the need for comprehensive oversight and accountability for crypto assets, actors, and activities. We believe the framework to be consistent with standards found elsewhere in the financial system. A more permissive regulatory framework could fail to provide adequate protections for consumers, resulting in poor industry practices, and potentially leading to crypto-related scams. In particular, we appreciate the requirement for applicants to provide all fictitious business names it uses, plans to use, or has used in the past, as well as the requirement to submit a detailed business plan.
We also support the DFPI’s requirement to submit a Covered Exchange Certification pursuant to Section 2048(a)(3); however, we recommend that item number 1 in the draft Covered Exchange Certification be stricken because it is too subjective. Item number 1 requires the signatory to certify that they have “[i]dentified the likelihood that the digital financial asset would be deemed a security by federal or California regulators.” Cal. Fin. Code § 2048(a)(3). This certification is far too subjective and speculative for an applicant to make. Indeed, it is a legal conclusion that requires transaction-specific, fact intensive analysis that may change based on the unique circumstances relating to a given digital asset. In light of the uncertainty and ambiguity that exists at the state and federal level in this area of the law, and including the lack of a robust history of precedential decisions that could help guide such determinations in any comprehensive way, we believe this requirement cannot be effectively satisfied and so would recommend striking this requirement from the Covered Exchange Certification.
The DFAL also requires licensee applicants to disclose the number of California residents with whom the applicant engaged in digital financial asset business activity in the month preceding the application, and to provide an estimate of the number or residents with whom the applicant will engage in business activity by October 1 of the year following submission of the application. Cal. Fin. Code § 2048(a)(4). Because DAOs do not have user accounts or other centralized registry DAO applicants will not be able to provide this information because the identity of natural persons behind wallet addresses may not be known to the DAO. Likewise, and for similar reasons, it will be difficult for applicants to know whether a DAO member is a California resident. The DFAL defines a resident as a person who is physically located in California “for more than 183 days of the previous 365 days.” Cal. Fin. Code § 3102(r)(1). It will be extremely difficult for licensees to maintain records of a DAO member’s physical location throughout the year to determine whether the DAO member is a California resident. In practical effect, in the context of a DAO, where the identity of a natural person behind wallet addresses is unknown, this requirement is almost impossible to meet. Therefore, we request that DFPI strike or waive this requirement in its entirety in the context of a DAO or, in the alternative, clarify that this requirement can be satisfied by relying on self-certifications by DAO member to the applicant-licensee.
The definition of “Control,” as that term is used in the regulations, will present issues for DAOs. The regulations define “Control” as meaning both of the following:
(1) When used in reference to a transaction or relationship involving a digital financial asset, power to execute unilaterally or prevent indefinitely a digital financial asset transaction.
(2) When used in reference to a person, the direct or indirect power to do either of the following:
(A) Vote 25 percent or more of any class of the voting securities issued by a person.
(B) Direct or cause the direction of the management and policies of a person, whether through the ownership of voting securities, by contract, other than a commercial contract
for goods or non-management services, or otherwise, if no individual is deemed to control a person solely on account of being a director, officer, or employee of such person.
Cal. Fin. Code § 3102(c). In contrast to corporations and other types of business organizations, DAOs do not have managers or directors with formal decision rights. Instead, the members of DAOs collectively make governance decisions by voting on proposals. The governance process is encoded and executed via a smart contract, negating the need for centralized leadership. In light of this, it will be difficult for DAOs to comply with the “control” provisions of the DFAL, because personal information regarding voting members is unlikely to be known. That said, DAOs can utilize self-regulation and analysis of the public blockchain by recognized blockchain analysis firms to provide needed information regarding control. We respectfully request the DPFI clarify that DAOs are permitted to use blockchain analysis firms, such as Chainalysis, TRM Labs, or other transaction and research services, to provide certifications regarding control based on public blockchain analysis.
Cal. Fin. Code § 3102(c). In contrast to corporations and other types of business organizations, DAOs do not have managers or directors with formal decision rights. Instead, the members of DAOs collectively make governance decisions by voting on proposals. The governance process is encoded and executed via a smart contract, negating the need for centralized leadership. In light of this, it will be difficult for DAOs to comply with the “control” provisions of the DFAL, because personal information regarding voting members is unlikely to be known. That said, DAOs can utilize self-regulation and analysis of the public blockchain by recognized blockchain analysis firms to provide needed information regarding control. We respectfully request the DPFI clarify that DAOs are permitted to use blockchain analysis firms, such as Chainalysis, TRM Labs, or other transaction and research services, to provide certifications regarding control based on public blockchain analysis.
Similarly, the NMLS MU1 form does not neatly fit the organizational structure of DAOs. The DFAL requires the license applicant to identify all executive officers, control persons, and responsible persons through NMLS on Form MU1, in a section titled “Direct Owners and Executive Officers,” “Indirect Owners,” or “Qualifying Individuals.” Cal. Fin. Code § 2048(a)(11). Applicants are further required to submit a Form MU2 for each individual listed on the form MU1, including the individual’s government-issued identification number and the issuing state and country on Form MU2. Id. The DFAL also requires applicants to file a full investigative background report for any individual named on forms MU1 for whom an MU2 was filed, if the individual is not residing in the United States or has not resided in the United States at any time in the last ten years. Id. The requirement to include “indirect owners” will be an extremely difficult task for DAOs to meet, because the identities of natural persons behind wallet addresses are most often unknown. However, if a DAO were to have "Control Person(s)" in the classic sense, then SRs would be the closest match. SR candidates typically provide basic information such as the wallet address associated with their validation node. We respectfully request that the regulations provide alternative ways for DAOs to report relevant information, including by reporting government-issued identification numbers, or in the case of SRs, by reporting wallet addresses.
The DFAL also requires a licensee to file a “Notice of Changes” whenever there is any change in the information contained in its application for a license, including with respect to individuals filed in Forms MU1 and MU2. Cal. Fin. Code § 2057. Unlike traditional, centralized organizations, filing of Notices of Changes will be extremely difficult in the unique context of DAOs. In a DAO, voting control may change frequently and, as described, there is significant practical difficulty involved if required to update information like the identity of the elected representatives and obtaining background checks and information, if that is even possible in the first place. Instead, we suggest that the requirements for “control persons” should extend only to the DAO’s foundation management, which will remain relatively constant. In addition, we respectfully request DFPI clarify that DAOs may comply with the Notice of Changes requirement by using blockchain analysis firms to provide a certification that the wallet addresses holding the tokens of the elected representatives are not associated with illegal activities.
The DFAL also requires a licensee to file a “Notice of Changes” whenever there is any change in the information contained in its application for a license, including with respect to individuals filed in Forms MU1 and MU2. Cal. Fin. Code § 2057. Unlike traditional, centralized organizations, filing of Notices of Changes will be extremely difficult in the unique context of DAOs. In a DAO, voting control may change frequently and, as described, there is significant practical difficulty involved if required to update information like the identity of the elected representatives and obtaining background checks and information, if that is even possible in the first place. Instead, we suggest that the requirements for “control persons” should extend only to the DAO’s foundation management, which will remain relatively constant. In addition, we respectfully request DFPI clarify that DAOs may comply with the Notice of Changes requirement by using blockchain analysis firms to provide a certification that the wallet addresses holding the tokens of the elected representatives are not associated with illegal activities.
The DFAL also requires licensees to, prior to engaging in digital financial business activity with a resident, disclose to the resident a schedule of fees and charges that may be assessed, the manner by which fees and charges will be calculated if they are not set in advance and disclosed, and the timing of the fees and charges. Cal. Fin. Code § 3501(b)(1). We respectfully request that DFPI consider how this rule will impact DAOs, where there typically is no “login” or checkout process, but the fee associated with an on-chain transaction is made available by the blockchain’s code and is knowable beforehand to the sender. DAOs may also determine the network fees for transactions on the network. However, the fee required for the transaction is burned as part of the transaction, meaning there is no party which receives the transaction fees. We respectfully request that the rules permit DAOs to use a foundation, or other similar recognized organization created to provide administrative support to blockchain-related projects, to post the necessary disclosures beforehand to the sender.
We also recommend DFPI consider how the surety bonds requirement will apply to DAOs, which will face challenges as transaction activity regularly fluctuates, and where the reserves which back digital assets are specific to a particular token. We recommend that DFPI clarify that an auditable reserve for stablecoins may suffice as the necessary reserve.
A number of other state regulators have considered how DAOs should be regulated and have crafted rules to address the unique structure and governance of DAOs. Therefore, and as a matter of comity, we recommend that the DFPI recognize DAOs registered and regulated in states like New Hampshire and not require a full license application submission to the DFPI. As discussed below, doing so will reduce redundancies and increase efficiencies across the industry and nationwide among the states.
IV. Additional Recommendations
a. Recommend that California provide interstate reciprocity where possible.
We further recommend that California implement reciprocity measures with other states that have adopted similar comprehensive regulatory and supervisory schemes for digital financial asset business activities, including, for example, New York. We believe this serves the best interests of the DFPI, which would reduce its investigation and monitoring costs, and digital financial asset market participants, who face less regulatory uncertainty and would save on compliance costs by not being required to comply with multiple sets of duplicative rules. We also suggest that DFPI recognize other state regulators’ decisions regarding digital financial asset listings.
We further recommend that California implement reciprocity measures with other states that have adopted similar comprehensive regulatory and supervisory schemes for digital financial asset business activities, including, for example, New York. We believe this serves the best interests of the DFPI, which would reduce its investigation and monitoring costs, and digital financial asset market participants, who face less regulatory uncertainty and would save on compliance costs by not being required to comply with multiple sets of duplicative rules. We also suggest that DFPI recognize other state regulators’ decisions regarding digital financial asset listings.
In particular, DFPI should:
- Apply a presumption that any digital financial asset that has been approved for listing through a process approved by NYDFS (e.g., digital financial assets certified using a NYDFS-approved self-certification process or digital financial assets on the NYDFS “Greenlist”) should be approved, or conditionally approved, for listing by a covered exchange;
- Grant conditional licenses to any entity that is licensed to conduct digital financial asset business activity (or a comparable term) by another state’s regulators; and
- Work with other states’ digital financial asset regulators to conduct joint examinations, similar to those done for money transmitters under MSB Networked Supervision.
The legislature could also promote interstate reciprocity by amending the Money Transmission Act to exempt state-chartered trust companies from the Act’s licensure requirements. Currently, the Act provides an exemption only for trust companies chartered by California or national associations authorized to engage in trust business. Yet, numerous businesses currently offer safe and responsible custody solutions to customers or members through trust companies chartered in other states. These trust companies are subject to strict regulation and rigorous supervision. They also provide an essential custody service to retail and institutional customers. Rather than duplicate other states’ supervisory efforts, California should allow these trust companies to conduct digital financial assets business activity in California under their existing license.
Moreover, we recommend that DFPI use its authority under the Act to exempt licensees from certain disclosure requirements if the licensees participate in the NMLS. NMLS streamlines the reporting obligations of certain financial institutions, allowing them to fulfill multiple states’ reporting requirements through reports filed with NMLS. Many state regulators are likely to use NMLS to collect information on regulated entities that conduct digital financial asset business activities. For example, NYDFS already uses NMLS to manage BitLicenses. We believe there are particular reporting and disclosure requirements that could be collected through NMLS rather than requiring a licensee to file a separate report with DFPI. These requirements include:
- The event-reporting disclosures included in a licensee’s annual report; and
- The current event reports that must be filed with DFPI.
We appreciate DFPI’s commitment to soliciting information from the public through a transparent
process, and in addition to the comments provided herein, we would welcome an opportunity to meet
with you and your staff for further discussions. In this letter, we have provided comments responsive to
some of the topics proposed by DFPI as well as additional recommendations regarding the DFAL.
Sincerely,
Adrian Wall
Chief Executive Officer
Digital Sovereignty Alliance (DSA)