Kavita Maharaj-Alexander:
 
Aug 27, 2023

Decentralised Autonomous Organizations in the Financial Services Sector: Legal and Regulatory Matters Considered


The introduction of digital ledger technology, crypto assets and blockchain networks (like Bitcoin and Ethereum) has arguably been a catalyst for the phenomenal growth of innovative services and products in the financial services sector. Among the developments is the growth and use of a novel organisational form, the Decentralised Autonomous Organisation (DAO), for, inter alia, the governance and operations of protocols.

Alongside the benefits of this new type of organisation, a number of challenges and concerns have arisen in relation to its operations, identity and future maturity. These include the ability to engage with traditional legal, economic, and regulatory aspects of the financial services sector.

Policymakers and regulators around the world have been tasked with determining the most appropriate manner to address, and legally recognise, this borderless organisational phenomenon, given its continued growth and adoption. Protagonists argue that, to maintain the uniqueness of DAOs and encourage the growth of innovation, a well-considered approach is necessary. Such an approach would need to balance the preservation of a DAO’s form and operations, while mitigating risks emanating therefrom.

 

What is a DAO?

A DAO is largely understood to be a digital native, collectively owned, organization that operates independently[i] for the purpose of achieving a particular goal[ii].

A DAO’s structure is generally designed to enable members to participate in the management and decision-making of the organisation (in a pseudonymous manner), using digital ledger technology[iii]. The governance of a DAO (i.e. rules and processes for determining how decisions are made and managed[iv]) is achieved through the use of smart contracts[v].

DAOs differ from the construct of a traditional entity because, among other things, there is no central ownership or centralised governance and no need for intermediaries to execute decisions made[vi]. The nature of a DAO’s structure makes it borderless and its members may exist in various jurisdictions across the globe.

A DAO may be set up to fulfil various functions[vii]. DAOs in the financial services space are, in the main, utilised for the governance, funding and architecture[viii] of DeFi protocols (i.e., protocols that facilitate financial services such as lending, borrowing, exchanges, custody, liquidity, investments, prediction markets, etc). Membership, often represented by tokens[ix], can be purchased, gifted or allocated as a reward, in exchange for capital, work, resources, etc[x].

Proponents contend that the unique organisational structure of DAOs provides various benefits including transparency, autonomy, agility, administrative efficiency, global collaboration[xi], access to collective intelligence[xii] and, importantly, decision-making powers for participants/members.


DAO related concerns/challenges and possible solutions

Despite the myriad benefits associated with the innovative structure and nature of DAOs, there are various challenges and concerns that ought to be noted:


For the DAO and its members:

Lack of legal recognition and liability protections: Though broadly viewed as an ‘organisation’, DAOs lack formal legal recognition in many jurisdictions[xiii], leaving the [legal] interpretation of their form and liability to be determined on a case-by-case basis. In some instances, DAOs have been interpreted as partnerships[xiv] or unincorporated associations[xv].

A lack of legal recognition hinders a DAO’s ability to transact in the traditional financial sector, including being able to enter into [off-chain] contracts, hold [off-chain] assets, own intellectual property, conduct fiat transactions, etc[xvi]. For its members, consequences include legal uncertainty, exposure to liabilities (in personal capacities) and responsibilities.

Some jurisdictions offer solutions to address the above noted challenges, such as the legal recognition of DAOs or the use of a legal wrapper[xvii] (whether traditional or innovative). For example, in the United States of America, the states of Wyoming, Tennessee and Vermont offer DAOs the ability to be incorporated as limited liability companies. This option, among other things, provides legal personality for a DAO and limited liability protections for its members. The Marshall Islands also facilitates the formation and management of DAOs as LLCs in accordance with its Decentralised Autonomous Organization Act, 2022.

Other options include utilizing foundation companies or special purpose trusts which have separate legal personality and can be used by DAOs to engage in off chain transactions. Such examples can be found in jurisdictions like the Cayman Islands, Panama, Switzerland, Jersey and Guernsey.

The Coalition of Automated Legal Applications has also proposed a Model Law for DAOs which is tailored to their unique features and attributes, including matters such as contentious forks, upgrades, failure events, etc. It offers uniformity and certainty while allowing flexibility for DAOs to arrange themselves as they so choose. The appointment of a DAO Legal Representative to conduct off-chain activities is also addressed in the proposed framework. 

Additionally, several other jurisdictions are considering appropriate frameworks for DAOs, including the United Kingdom[xviii], the Bahamas[xix] and Israel[xx].

While the options noted above offer viable solutions, a key concern is the lack of alignment across jurisdictions which may, among other things, result in regulatory arbitrage and continued uncertainties in some parts of the world, particularly given the borderless nature of DAOs. Harmonised legal frameworks will be a critical element to closing the gap in this regard.

Compliance with regulatory requirements: Another challenge DAOs face is the ability to meet regulatory requirements (for the conduct of financial services), since regulatory frameworks are centred around the presumption of centralised management/intermediaries[xxi].

As such, a novel approach would need to be considered to facilitate appropriate compliance. For example, collaboration with regulators may be achieved through a digital interface. It would also be beneficial to explore practical regulatory access points for the conduct of supervision that would not hamper the operations of a DAO/decentralised protocol. The implementation of flexible, broad regulatory standards for protocols may be a good starting point for approaching compliance concerns (see the discussion of regulatory concerns later in this article).

The governance tokens associated with DAOs may also raise questions of compliance. Depending on the characteristics of the token, some tokens may be deemed to be securities[xxii] or crypto assets[xxiii], the issuance and distribution of which may be covered by certain laws.

Cybersecurity: DAOs are also susceptible to cyber-attacks/hacks which, when successful, could result in the loss of assets as well as operational protocol disruptions. The attacks on THE DAO in 2016[xxiv] and BadgerDAO in 2021[xxv] are examples of cyber vulnerabilities that DAOs face. As the technology and structure of DAOs continue to mature, the implementation of smart contract audits, testing, and the use of continuous monitoring tools will be key in mitigating these types of risks.

Efficiency and operational issues: Some argue that DAOs still face issues regarding decision making which may hinder the purported efficiencies. Decision making may be affected by voter apathy and fatigue, delegation[xxvi] or staked tokens[xxvii].

Furthermore, given the need for community voting, decisions may take longer to be determined[xxviii] depending on the efficacy of the DAO’s decision making process[xxix] and the DLT used. Such delays may place DAOs at risk where decisions must be made on updates of protocols to address vulnerabilities to hacks[xxx].

However, actions have been adopted by DAOs to address such matters. These include simplifying proposals (where possible), the option of delegation/liquid democracy[xxxi], the use of optimistic governance[xxxii], weighted voting[xxxiii] and time constraints on crucial matters to be determined. Moreover, the continuous development and improvements[xxxiv] occurring on an ongoing basis mean that current inefficiencies are likely to be resolved in the future[xxxv].

 

For Regulators:

The nature and characteristics of DAOs: The decentralised and pseudonymous nature of DAOs poses several challenges for regulators[xxxvi]. The root of these is the inability to attribute accountability for the adherence to rules and regulations by protocols that offer financial services. This is because, among other things, oversight, accountability attributions and supervisory communications are usually applied to a centralised entity.

Left unregulated, risks may emanate from the operations of these decentralised protocols which may have negative effects in the DeFi ecosystem with possible spillovers to the traditional financial market. Risks include regulatory arbitrage, the conduct of illicit activities (e.g. money laundering, terrorist financing, etc), market manipulation, fraud, threats to the safety and soundness of the crypto and financial services ecosystem (in so far as they are interconnected), lack of consumer/investor protection, etc.

One solution could be to create appropriate standards for protocols requiring certain qualities/attributes[xxxvii] that would address regulatory concerns. For example, transparency and accountability in relation to reserve funds and audit implementations could assist in minimizing certain consumer protection risks and boosting public confidence.

Embedding regulatory requirements within DeFi protocols, that would assist with compliance, is an idea that has been floating around in recent times[xxxviii]. Some jurisdictions are already in the process of exploring varying degrees of regulatory compliance for DeFi protocols. For example, in 2022, the Monetary Authority of Singapore announced its plans to test possibilities for introducing “regulatory safeguards and controls into DeFi protocols to mitigate against market manipulation and operational risk” and to “examine the use of smart contract auditing capabilities to detect code vulnerabilities”[xxxix].

The Financial Services Regulatory Authority in Abu Dhabi has also proposed the idea of “approving DeFi protocols”[xl]. However, requirements such as “the ability to identify participants” may not align with the nature of the protocols and their governance structure.

Creating appropriate digital interfaces[xli] to enable communication between regulators and DAOs may assist in maintaining the nature and structure of DAOs, while allowing for appropriate regulatory supervision, including discussions on regulatory recommendations and compliance reporting.

While these solutions will go through a “teething process” and may not immediately close the gap regarding the regulation of DAOs/decentralised protocols, they will serve as a starting point in being able to address compliance and accountability concerns regarding decentralised financial products and services in the market.

The varying degrees of centralisation/decentralisation: Though DAOs (in their purest form) are meant to be fully ‘decentralised’, in many cases governance tokens (and the rights attached therein) may be held by a few individuals or a small group and may gradually become more distributed over time.

In that regard, a DAO’s structure may contain varying degrees of centralisation/decentralisation so that a ‘one size fits all regulatory approach’ may not be appropriate for all DAOs. Though standard setters have recommended a ‘same activity, same risk, same regulation’ approach for the conduct of services offered within the crypto ecosystem, it may not always be practical to implement same with the involvement of a fully decentralised DAO[xlii].

Thus, while DAOs that display greater aspects of centralisation could be subject to the same activity, same risk, same regulation approach, in so far as it applies to accountability; as the structure morphs to becoming more decentralised, the regulatory approach may have to be adjusted.

The World Economic Forum has provided a template that could be utilized by regulators in assessing the governance model of a DAO as to whether it is centralised, partially decentralised or fully decentralised; and which may assist in informing an appropriate regulatory approach[xliii].

 

The problem of Jurisdictional Uncertainty

Jurisdictional uncertainty may arise given the geographic dispersion of pseudonymous DAO token holders, and the lack of an identifiable jurisdiction for the operations of a DAO. Such uncertainty results in challenges for, inter alia, the pursuit of claims and enforcement initiatives.

One proposal is to consider the establishment of virtual jurisdictions in the cryptospace[xliv], which would address the physical border limitations currently faced. However, this would require dedication to implementing advanced cryptographic tools and the buy-in of governments that such an approach is necessary, in the absence of alternative solutions. Given ongoing debates on the regulation of DeFi, it is unlikely that jurisdictions are ready to consider such an approach, which would also require reflection on implementing international law matters via computer code.

A more immediate and practical solution could be international collaborations that address the cross-border nature of DAOs by aligning requirements for DAOs [and their members] and addressing recognition issues. This approach is consistent with recommendations highlighted by standard setters, like the Financial Stability Board, in relation to activities in the crypto ecosystem.

 

Conclusion

The growth of Decentralised Autonomous Organizations has brought to the forefront discussions on the appropriate legal and regulatory responses to address a number of issues regarding identity, governance and operations.

Viable solutions should incorporate factors in relation to the varying nature of DAOs (i.e. whether partially or fully decentralised), appropriate recognition and accountability measures, and the fact that DAOs may be regarded as a fairly immature and nascent organisational form, that may continue to evolve. This will require collaboration for the introduction of novel solutions, fit for purpose. 

The lack of alignment internationally among policy makers and regulators on how to treat DAOs continues to create uncertainties and leaves room for, inter alia, regulatory arbitrage. Harmonised policy and legal frameworks that take into consideration the unique characteristics of DAOs are crucial to realizing benefits, facilitating innovation, boosting public confidence, and protecting the market, while mitigating risks.


References

[i] Within the blockchain it is deployed on.

[ii] Note that there is currently no universal definition for a DAO.

[iii] Hassan, S. & De Filippi, P. (2021) [Decentralized Autonomous Organization. Internet Policy Review, 10(2)] point out that there remains debate regarding the decentralization of a DAO: whether decentralisation relates to the infrastructural layer (i.e. at the level of the underlying blockchain-based network) or whether it also means decentralization at the governance level (i.e. the DAO should not be controlled by any centralised actor or group of actors).

[iv] Including submission and voting on proposals, resolution of conflicts and implementation of changes to protocols.

[v] Smart contracts are self-executing computer programs that run on a blockchain. Governance decisions are executed via smart contracts on the relevant blockchain (as a transaction), via a consensus mechanism (i.e. proof of work, proof of stake, etc) on the settlement layer. See World Economic Forum’s ‘DeFi Policymaker Toolkit’ Whitepaper, June 2021, which mentions this.

[vi] Smart contracts do this part, once programmed in that manner with the relevant parameters to be met. That is to say, once a collective decision is made on a course of action, a smart contract automatically executes the decision.

[vii] Hassan, S. & De Filippi, P. (2021). Decentralized Autonomous Organization. Internet Policy Review, 10(2). https://doi.org/10.14763/2021.2.1556. There are various types of DAOs set up for many purposes including charitable DAOs, Grant DAOs, Collector DAOs, Media DAOs, DAOs Operating Systems, Service DAOs, Social DAOs etc.

[viii] The criteria/rules for particular actions to take place around the DAO’s management, operation and decision making is embedded in smart contracts.  

[ix] This does not mean that all DAOs require the use of tokens in order to operate. Some DAOs operate without the use of same as all rules including the way in which decisions are made are already embedded in code. For example, the bitcoin network. See INATBA Policy Notes on Decentralised Autonomous Organisations (DAOs), February 2022.

[x] Tokens can be associated with specific rights, such as the right to receive a portion of the DAO’s profits or “the right to use the network, software, or other service offered by the organization. DAO tokens may also provide their holders with the right to govern underlying software through a vote”: A. Wright, ‘The Rise of Decentralized Autonomous Organizations: Opportunities and Challenges’, Stanford Journal of Blockchain Law & Policy, (2021) Vol. 4.2, pg. 172.

[xi] See note from Daniel Gassal and Julian Weidinger (2023).

[xii] Noted in publication of Nathan Tse, ‘Decentralized Autonomous Organizations and Corporate Form’. https://doi.org/10.26686/vuwlr.v51i2.6573

[xiii] De Filippi and Hassan note that “the autonomous nature of a DAO is incompatible with the notion of legal personhood, as legal personhood can only be established if there is one or more identified actors responsible for the actions of a particular entity.”

[xiv] In the US matter of Sarcuni v bZx DAO, March 2023, a court determined that, for the purpose of a class action negligence claim, bZx DAO could be considered a general partnership. See summary here: https://www.ibanet.org/decentralised-autonomous-organisations-and-liability-in-litigation or https://www.jdsupra.com/legalnews/dao-or-dare-the-implications-of-sarcuni-5923330/.

[xv] For instance, in 2022, Ooki DAO was sanctioned by the CFTC, which deemed the DAO to be an unincorporated association. A Court later determined that, for the purpose of service, Ooki DAO could indeed be deemed to be an unincorporated association.

[xvi] The absence of a formal legal identity raises numerous challenges for DAOs interacting with the off-chain world in relation to: hiring employees, contracting services providers, opening bank accounts, paying taxes, etc: Brummer, Christopher J. and Seira, Rodrigo, Legal Wrappers and DAOs (May 30, 2022). Available at SSRN: https://ssrn.com/abstract=4123737 or http://dx.doi.org/10.2139/ssrn.4123737.

[xvii] Wrappers may be described as legal entities that offer DAOs certain liability protections, provide legal recognition and enable DAOs to carry out functions they would otherwise not be able to perform.

[xviii] https://www.lawcom.gov.uk/project/decentralised-autonomous-organisations-daos/

[xix] See IFC article: ‘BAHAMAS: Government working on a regulatory framework for DAOs’, https://www.ifcreview.com/news/2023/may/bahamas-government-working-on-a-regulatory-framework-for-daos/

[xx] https://www.coindesk.com/policy/2023/07/27/israel-consults-public-on-dao-regulation-sets-up-special-examination-team/

[xxi] This is in direct contradiction with the nature of DAOs, since organizational power is meant to be in the hands of the community and not in a few centralized decision makers.

[xxii] For example, the US SEC indicated that governance tokens of THE DAO amounted to securities.

[xxiii] However, most crypto asset laws do not specifically address DeFi tokens. Tokens that represent partially decentralized structures may arguably fall within scope.

[xxiv] See https://www.blockchain-council.org/dao/details-of-the-dao-hacking-in-ethereum-in-2016/ for background.

[xxv] See https://www.theverge.com/2021/12/2/22814849/badgerdao-defi-120-million-hack-bitcoin-ethereum for background.

[xxvi] For example, as at August 2023, there were 73 million governance token holders but only 3 million active voters: Stats from https://deepdao.io/organizations 

[xxvii] If tokens are staked, they may be unavailable for use, depending on the rules of the DAO, etc.

[xxviii] See IOSCO Decentralized Finance Report (2022) https://www.iosco.org/library/pubdocs/pdf/IOSCOPD699.pdf

[xxix] FSB Report (2023) p.6 & 11-12, ‘The Financial Stability Risks of Decentralised Finance’. https://www.fsb.org/2023/02/the-financial-stability-risks-of-decentralised-finance/

[xxx] See, for example, the Compound Hack that led to a $147m loss, where hackers exploited the delay in decision making.

[xxxi] This is a form of delegation where token holders may delegate votes to one person or split their delegation between different people or groups of people on certain issues.

[xxxii] That is, lowering the number of proposals to be voted on by assuming that proposals pass “unless there is a strong objection, requiring a rejection threshold rather than an approval quorum”. See WEF, ‘Decentralized Autonomous Organization Toolkit’ (January 2023).

[xxxiii] Essentially token holders are rewarded with greater power for participation in votes and conversely, diminished power for failing to do so. In some instances token holders may lose their tokens for failure to vote: See A. Sims, ‘Decentralised Autonomous Organisations: Governance, Dispute Resolution and Regulation’, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3971228

[xxxiv] In relation to digital ledger technology and smart contract use.

[xxxv] See Nathan Tse, ‘Decentralized Autonomous Organizations and Corporate Form’

[xxxvi] Among other things, pseudonymity can facilitate ill-intentioned individuals to disguise their identities and continue participating in business transactions.

[xxxvii] M. Ganado, J. Ellul, G. Pace, S. Tendon, and B. Wilson et al (2020): ‘Mapping the Future of Legal Personality’. https://law.mit.edu/pub/mappingthefutureoflegalpersonality/release/1

[xxxviii] See for example: Auer, R (2022): “Embedded supervision: how to build regulation into decentralised finance”, BIS Working Papers, no 811, May. In the BIS paper it was proposed that a regulatory framework could be introduced as part of the code in DeFi protocols which would automatically monitor compliance by reading the market’s ledger and reducing the need for firms to actively collect, verify and deliver data (ie “embedded supervision”).

[xxxix] See Media Release: MAS Partners the Industry to Pilot Use Cases in Digital Assets (May 2022).

[xl] See ADGM Discussion Paper No. 1 of 2022, ‘Policy Considerations For Decentralised Finance’,  https://www.adgm.com/documents/legal-framework/discussion-paper/2022/discussion-paper-no-1of-2022-decentralised-finance-apr-2022-final.pdf

[xli] Ibid.

[xlii] This is because this approach is reliant upon the accountability of a centralized identity or at minimum identifiable accountable persons.

[xliii] ‘Decentralized Autonomous Organization Toolkit’, (January 2023): https://www.weforum.org/reports/decentralized-autonomous-organization-toolkit/

[xliv] M. Ganado, J. Ellul, G. Pace, S. Tendon, and B. Wilson et al (2020): ‘Mapping the Future of Legal Personality’. https://law.mit.edu/pub/mappingthefutureoflegalpersonality/release/1 

