Making Comprehensive Crypto Policy Out of Regulatory Patchwork

Suggestions that the CFTC is the crypto industry’s “regulator of choice” and more susceptible to capture do not hold up, according to former CFTC Director of Enforcement Aitan Goelman.

AccessTimeIconDec 29, 2022 at 3:00 p.m. UTC
Updated Dec 30, 2022 at 2:37 p.m. UTC
AccessTimeIconDec 29, 2022 at 3:00 p.m. UTCUpdated Dec 30, 2022 at 2:37 p.m. UTC
AccessTimeIconDec 29, 2022 at 3:00 p.m. UTCUpdated Dec 30, 2022 at 2:37 p.m. UTC

Even as cryptocurrency and other digital assets resident on blockchain have increasingly permeated the public consciousness, the question of regulatory authority has largely gone unanswered. Often, seismic events in the financial industry, like the collapse of FTX, lead to clarity.

Here, unfortunately, instead of leading to any kind of consensus, the early signs indicate that the demise of FTX and its repercussions on other crypto companies have only reinforced the disagreements between the different stakeholders on how, or even whether, to regulate crypto.

Aitan Goelman is a partner with Zuckerman Spaeder, LLP and the former Director of Enforcement at the Commodity Futures Trading Commission. This article is part of Crypto 2023.

By now, most people are familiar with the saga of FTX and Sam Bankman-Fried, the founder, majority owner, and, until recently, wunderkind CEO of the now-defunct crypto exchange. Before his abrupt fall from grace, “SBF,” as Bankman-Fried has become known, had the ear of public officials, regulators and celebrities, and a public image as the kinder, gentler, face of crypto.

After a November 2022 article in Coindesk reported that the bulk of the holdings of Alameda Research, SBF’s trading firm, were in FTX’s token, a run on the bank was triggered. That led to SBF’s resignation and forced FTX and related entities into bankruptcy, with FTX’s customers and investors out billions of dollars. SBF was subsequently indicted in the Southern District of New York (S.D.N.Y.) for a variety of crimes, including wire fraud, conspiracy and money-laundering, stemming from his alleged use of assets belonging to FTX’s customers to plug a shortfall in Alameda and his alleged lies to investors.

The U.S. Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) filed enforcement actions against SBF as well, alleging that his actions violated the securities laws and the Commodity Exchange Act (CEA), respectively.

Until FTX’s demise, it and SBF had been seen as the white knights of the crypto world, repeatedly riding to the rescue of other troubled companies in the sector. This made some contagion from FTX’s collapse inevitable, although to this point, the damage appears largely confined to other crypto companies, customers and investors, rather than to the traditional financial system.

It is worth noting that, while SBF is now incarcerated and faces a potentially lengthy prison term and unfavorable comparisons to Bernie Madoff, he had previously been a champion of increased regulation of the crypto markets, including by lending his support to proposed federal legislation which would have undoubtedly prohibited much of his conduct, including the use of customer funds to prop up Alameda.

Pre-FTX regulatory status

There has never been a dedicated regulator of crypto, at least in the U.S. Various federal agencies, including the Department of Treasury, the SEC and the CFTC, each have different pieces of regulatory responsibility. Certain state agencies have carved out roles for themselves as well, with the New York Department of Financial Services, for example, issuing its own “BitLicenses.”

In this patchwork of different regulatory authority, the legal basis for the CFTC’s jurisdiction is clearest. The Commission has repeatedly held that crypto can be a commodity under § 1(a)(9) of the CEA, which falls under its regulatory umbrella, and this interpretation has been endorsed by federal courts as well. As a result, the CFTC has asserted its regulatory authority over crypto derivatives, and its anti-fraud and anti-manipulation enforcement authority over transactions in spot crypto.

There has been considerably less consistency in the SEC’s approach to crypto. In the last administration, the SEC seemed relatively uninterested in crypto. Its only notable effort was to belatedly take action against the spate of Initial Coin Offerings (ICO), which were fairly clearly unregistered securities offerings, but eschewing any attempt to more broadly regulate crypto.

The SEC has been far more aggressive under Chair Gensler, who has repeatedly suggested that the vast majority of tokens are securities. Gensler’s Enforcement Division has launched a host of investigations into different tokens and has adopted an expensive interpretation of “investment contracts” under SEC v. Howey, 328 U.S. 293 (1946).

Despite this, the SEC’s ability to show that these tokens are actually securities under current law is far from certain. The agency did manage to persuade a New Hampshire district court that the cryptocurrency LBRY was a security. However, it is facing a stiff challenge in SEC v. Ripple, 20 CIV 10832 (S.D.N.Y. 2020), where the defense, led by former SEC Chair Mary Jo White and former Enforcement Director Andrew Ceresney, are arguing that Ripple’s token is not a security by using public statements (and, now, internal SEC communications) made by another former top SEC official, William Hinman, about why Ether did not qualify as an “investment contract” under Howey.

This has resulted in an unusually public turf battle between the CFTC and SEC, and even led CFTC Commissioner Caroline D. Pham to issue a statement condemning the SEC’s decision to bring charges in SEC v. Wahi. Quoting Federalist No. 49, Commissioner Pham called the SEC action “a striking example of ‘regulation by enforcement,’” and encouraged the CFTC to use “all means available” to enforce the CEA in the crypto space.

In this regard, the SBF charges can be seen as a victory for CFTC. Although the SEC charged SBF with securities fraud, it is related to lies he told to FTX investors, something that is inarguably in the SEC’s wheelhouse. The SEC did not allege that the underlying crypto itself – FTT – was a security, while both the CFTC and the S.D.N.Y. alleged that crypto is a commodity.

All three agencies subsequently filed consent charges against SBF’s accomplices and confidantes Caroline Ellison and Gary Wang, both of whom are cooperating with the government against SBF.

Notably, the SEC did charge Ellison and Wang with manipulating FTT, which the agency described as a “crypto asset security.” The CFTC didn’t address the legal status of FTT in particular, but cited bitcoin, ether and tether as examples of “digital asset commodities.”

This pattern of charges could indicate the early outlines of an agreed-upon division between the agencies for tokens that are considered “securities” and those that are not, with the SEC claiming jurisdiction over the former and the CFTC over the latter.

However, the fact that the SEC defined FTT as a “security” in its charges against Ellison and Yang, but not in its case against SBF, demonstrates that the agency is bolder in pressing its expansive definition of “crypto asset securities” when it knows it won’t have to fight that issue in front of a judge.

Proposals to fill the regulatory gaps

Prior to FTX’s implosion, there seemed to be an emerging consensus (or something close to it) that Congress should establish a comprehensive regulatory framework for crypto. This included the Financial Stability Oversight Council (FSOC), which in October 2022 recommended that Congress pass legislation to provide federal regulators with rule-making authority over the spot market for “crypto assets that are not securities.”

The FSOC did not say which regulator should be given such authority, but it appears that it had the CFTC in mind. Further, securities were excluded from the recommended regulatory authority, a move that clearly seemed designed to reassure the SEC that there would be no encroachment on its territory.

There are two major pieces of draft crypto legislation circulating on the Hill, and both explicitly provide the CFTC with regulatory authority over large parts of the spot crypto markets.

The Digital Commodities Consumer Protection Act (“DCCPA”), introduced in August by Senators Debbie Stabenow (D-MI) and John Boozman (R-AR), extends the CFTC’s regulatory authority to spot crypto. While the bill defines certain cryptocurrencies, such as bitcoin, as commodities, it offers no detailed guidance on what crypto assets would be classified as “securities,” which the bill exempts from CFTC jurisdiction.

To pass, this bill will have to overcome SBF’s earlier public endorsement – a boon at the time, but now may taint the legislation by association.

The Responsible Financial Innovation Act (RFIA), sponsored by Senators Cynthia Lummis (R-WY) and Kirsten Gillibrand (D-NY), goes even further toward endorsing the CFTC as the primary crypto regulator. It gives the agency oversight over digital assets that are not securities and lays out fairly restrictive standards for determining that a crypto asset is a security.

The senators noted in a joint press release that “understanding that most digital assets are much more similar to commodities than securities, the bill gives the CFTC clear authority over applicable digital asset spot markets” – leaving little doubt as to their intent and openly differing with Chair Gensler’s public statements.

Beyond these differences, the two bills have many provisions in common. Both would allow the CFTC to self-fund by imposing user fees on crypto companies, an ability which mimics an authority the SEC has long had and which could be a game changer for the perpetually cash-strapped agency.

The last time Congress significantly expanded the CFTC’s responsibilities – when the Dodd-Frank bill brought swaps under the agency’s ambit after the financial crisis of 2008-09 – the CFTC’s budget did not keep pace with its enlarged remit.

The ability to impose user fees would help ensure that the CFTC, whose budget (about $320 million) is still a rounding error compared to that of the SEC (approximately $2 billion), can effectively carry out its enhanced mission.

Another feature shared by both pieces of draft legislation is the establishment of a new self-regulatory organization (SRO) exclusively for the crypto markets. This is something former CFTC Chair Tim Massad has said should be done regardless of what happens in Congress, and he has suggested that it be overseen jointly by the SEC and CFTC.

The Impact of FTX

The collapse of FTX and its knock-on effects in the broader crypto industry has led to renewed calls for urgent action by Congress. But it hasn’t led to unanimity, or even consensus, about the need for legislation, much less how to regulate the industry.

Instead, it has largely reinforced the positions already held by the various stakeholders. SEC Chair Gensler has used the FTX saga to reiterate his position that the SEC already has regulatory authority over most coins, and it simply needs more money to do the job.

In contrast, CFTC Chair Benham, in congressional testimony soon after FTX declared bankruptcy, noted that the CFTC-regulated American subsidiary of FTX (FTX US Derivatives – once known as LedgerX) was still solvent, demonstrating the effectiveness of CFTC supervision.

Crypto enthusiasts reacted to the implosion of FTX by arguing that there are fraudsters in every industry. Some also noted that centralized exchanges like FTX are in many ways the antithesis of the ethos of crypto, which was intended to be a decentralized form of finance independent of the need to trust in institutions or other market participants.

Unsurprisingly, the FTX saga hasn’t dented the faith of true crypto zealots, who continue to believe with almost religious ferocity that Web3 and blockchain represent one of the most consequential developments in human history – more important than the development of the internet, approximately equal to the discovery of fire, and perhaps slightly behind the invention of the wheel.

More surprisingly, some hardcore crypto skeptics are pointing to the very limited contagion from the FTX collapse as evidence that crypto should not be regulated. They argue that if crypto is brought into the mainstream financial system, it would have the imprimatur of government approval and this would encourage more retail investors to speculate in crypto. As a result, the entire economy would be exposed to the volatility, money laundering, fraud and manipulation that are ubiquitous in (and, to some crypto haters, an inextricable part of) crypto.

This regulatory debate illustrates the adage that “where you stand depends on where you sit.” Chairman Gensler, who was an aggressive proponent of the CFTC’s remit when he chaired that agency during the Obama Administration, now believes that virtually all crypto qualifies as a “security.” And then you have the chair and enforcement director of the SEC during the same administration, who are representing Ripple in its battle against the SEC and are among those arguing for a more limited interpretation of a “security.”

Meanwhile, crypto companies continue to avoid U.S. jurisdiction. They do so primarily by moving offshore (the headquarters of FTX, like many crypto firms, was in the Bahamas) and by “geo-blocking” Americans, a technique that prohibits those the computer identifies as being located in the U.S. from accessing their platforms – but this is, of course, a far from hermetic seal against anyone with a VPN.

The absence of legislation and regulation doesn’t mean the law surrounding crypto is stagnant – it continues to develop through litigation and the interpretation of various enforcement actions. But true clarity won’t come through the slow churn of the legal system, it will come through legislative action. Ironically, FTX’s collapse has, in some ways, complicated the path to Congressional action.

In addition to the now-poisonous association with SBF, both draft bills are under renewed criticism for granting primary regulatory jurisdiction to the CFTC instead of the SEC.

But suggestions that the CFTC is the crypto industry’s “regulator of choice” and more susceptible to capture by the industry simply don’t hold up against the facts. In 2022, more than 20% of the agency’s enforcement actions were related to crypto. Further, the CFTC sought – and, more often than not, successfully obtained – increasingly significant sanctions.

Under its current funding structure, the agency undoubtedly does not have the resources to be fully effective. However, if any legislation retains a grant to the CFTC of authority to levy user fees on crypto actors, the agency’s efforts in the crypto sector will be even more robust.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Aitan Goelman

Aitan Goelman is a partner with Zuckerman Spaeder, LLP and the former director of enforcement at the Commodity Futures Trading Commission.

Read more about