The SEC’s reliance on a nebulous US Supreme Court decision raises important questions for the future of decentralized finance.

By Benjamin Naftalis, Douglas K. Yatter, and Peter E. Davis

Reves v. Ernst & Young,[1] a 30-year-old US Supreme Court decision on farmers’ co-ops, is garnering attention in the Web3[2] world, specifically in the context of protocol-driven decentralized finance (DeFi).[3] The case popped up in recent speeches by senior Securities and Exchange Commission (SEC) officials, including congressional testimony of SEC Chair Gary Gensler,[4] and featured in one of the SEC’s latest moves in crypto enforcement — an August 2021 action against a company called DeFi Money Market (DMM).[5] These developments raise several important questions. What is the relevance and application of the Reves four-factor test? How does it apply (or not apply) to Web3 generally and DeFi specifically? Most importantly, does it give the SEC broad authority to regulate DeFi?

This piece offers an initial analysis of these issues as they may arise in certain contexts. Several points stand out. First, the Reves decision principally focuses on whether a particular instrument is both bought and sold as an investment. Second, while each protocol must be analyzed on its own facts, that focus on investment, and the attendant investor-investee relationship, may not fit DeFi protocols (and their associated tokens), given their decentralized nature. In particular, how the test would apply to liquidity provider tokens (LP Tokens), which are commonly issued as deposit receipts by decentralized protocols, is unclear. Finally, applying Reves to protocol-driven DeFi platforms — particularly without additional public guidance from the SEC — raises questions of fair notice and poses risks to the continued development of DeFi in the US.

Reves v. Ernst & Young: A Primer

In Reves, the Court considered an important question: what kind of instrument qualifies as a “note,” such that it can be regulated as a “security,” under the Securities Exchange Act of 1934?[6] That law defines a security to include (among many other things) “any note … [except for a note] which has a maturity at the time of issuance of not exceeding nine months.”[7] To determine what kinds of notes qualify, the Court adopted the “family resemblance test,” which features a grab-bag of legal concepts, including a rebuttable presumption, seven potential analogies, and a multifactor balancing test.[8]

In particular, under the Reves test, the threshold issue is whether the instrument in question is a note exceeding nine months’ maturity. If so, the note is presumed to be a security; if not, then no presumption applies.[9] The presumption that a note is a security can be rebutted in one of two ways. First, one can show that the note bears a strong family resemblance to one of seven kinds of instruments that are not securities:

  1. A note delivered in consumer financing
  2. A note secured by a mortgage on a home
  3. A short-term note secured by a lien on a small business or its assets
  4. A note evidencing a character loan to a bank customer
  5. A short-term note secured by the assignment of accounts receivable
  6. A note that formalizes an open-account debt incurred in the ordinary course of business
  7. A note evidencing loans by commercial banks for current operations[10]

At base, a note may not be a security if it serves a non-investment purpose or if it is sufficiently collateralized.

Second, assuming the instrument does not bear a strong resemblance to one of those categories, the presumption may yet be rebutted if the balance of four factors indicates the note is not a security. Those factors are:

  1. The motivations of the buyer and seller: “If the seller’s purpose is to raise money for the general use of a business enterprise or to finance substantial investments and the buyer is interested primarily in the profit the note is expected to generate, the instrument is likely to be a ‘security.’”[11]
  2. The plan of distribution: If there is “common trading for speculation or investment” in the note, it is more likely to be a security.[12]
  3. The reasonable expectations of the investing public: If the public reasonably considers the notes to be securities, the Court may consider them as such despite a different economic reality.[13]
  4. Risk-reducing considerations: If some factor reduces the risk of investment, like an alternative regulatory scheme or underlying collateral, such that application of the securities laws is unnecessary, the instrument may not be a security.[14]

While the legal analysis is fact-specific (and not very clear), it centers on one main question: Is the instrument both sold and purchased as an investment?[15]

How the Reves Court applied its own test is instructive. The financial instrument in Reves was a promissory note sold by a farmers’ co-op to fund its business operations.[16] That kind of note, the Court held, was a security because it did not fall within any of the seven enumerated categories of exempted notes, and because all four factors favored treating it as such. The Court emphasized that “[t]he Co-Op sold the notes in an effort to raise capital,” and the “purchasers bought them in order to earn a profit in the form of interest.”[17] Moreover, the notes were advertised to the general public as “investments.[18] Finally, the notes were “uncollateralized and uninsured,” making regulation desirable to protect investors.[19]

The Court also rejected the idea that notes payable on demand — like the promissory notes in that case — matured before nine months, such that they are non-securities under the statute.[20] The Court considered the statutory text ambiguous on the question, and so relied on the general purposes of the securities laws in holding the demand notes to be securities.[21]

Reves and the SEC’s Approach to Web3 to Date

What does this mean for the SEC’s stance on Web3 and DeFi? Historically, not much. The SEC’s regulation of digital assets has long focused on a different Supreme Court case: SEC v. Howey.[22] The Howey test governs “investment contracts” — which, like notes, are included in the statutory definition of a security.[23] In enforcement actions and public messaging alike, the SEC has typically analyzed digital assets through the lens of Howey.[24]

The SEC’s approach may be starting to change. On August 6, 2021, the SEC announced a settlement and cease-and-desist order regarding DMM, relying in part on Reves. DMM had sold two kinds of digital tokens to investors, which the SEC deemed to be unregistered securities.[25]

First, DMM sold “mTokens” in exchange for an investment of digital assets. The tokens, DMM told investors, would accrue 6.25% interest, according to the order. While marketed as typical DeFi LP Tokens, to generate that return, DMM and its founders would use the deposited digital assets to acquire tangible income-generating assets, like car loans.[26] In fact, as the SEC separately explained in finding DMM’s founders liable under the securities laws’ antifraud provisions, DMM had misrepresented its business to investors because it had not actually acquired those assets.[27]

Second, the company sold “DMG tokens” for millions of dollars in an initial coin offering (ICO). The tokens would ostensibly give investors governance rights in the company and could be traded on secondary markets.[28] According to the order, DMM and its founders used the proceeds to expand DMM’s business: it “hired programmers to build the technological architecture” and “identified assets that could generate interest for mTokens.”[29] DMM also used its own reserve of DMG tokens to try to generate a secondary market in the DMG tokens.[30]

The SEC found both tokens to be securities. It explained that the tokens qualified as “investment contracts” under Howey, because they were investments in DMM’s business with the goal of earning the holder a profit, and the success of those investments turned on DMM’s managerial efforts.[31]

The SEC then found further that the mTokens were securities under Reves. In its view, all four factors favored that result: (1) the mTokens were sold “to raise funds” for DMM’s business (purchasing income-generating assets and building out its smart contracts) and were purchased as investments (to generate interest from DMM’s investments); (2) the tokens were sold to the general public; (3) DMM promoted mTokens as investments; and (4) no factor reduced the risk of the tokens.[32]

Reves and Protocol-Driven DeFi Platforms

Despite the SEC’s recent statements, Reves seems like a poor fit for protocol-driven DeFi platforms. The Reves decision was based on an investment relationship that is absent in many DeFi protocols. Without that sort of relationship, what can be gained from regulating DeFi and LP Tokens as securities under Reves is not clear.

It is instructive to look more closely at the SEC’s action against DMM, a company that the SEC viewed as decentralized in name only. At every step, DMM and both kinds of tokens it sold were centrally directed and managed: the company sold tokens in an ICO to fund its centralized efforts to build up the network; the company claimed to use funds from token sales to purchase assets the company itself selected; and the company’s founders used their own cache of tokens to generate a secondary trading market. According to the order, very little in DMM’s business model was decentralized. It promised to use smart contracts on the blockchain to pool investors’ assets, but the company decided for itself how to invest those assets. The SEC’s Howey and Reves analyses focused on the centralized nature of the enterprise, and the buyer-seller relationship between token purchasers and DMM. The company sold the tokens to investors to “raise funds for the general use of its business,” creating “a reasonable expectation that purchasers of the tokens would earn profits derived from [the founders’] essential efforts managing the DMM business and creating a trading market for DMG tokens.”[33]

Whatever the merits of the SEC’s argument as to DMM, Reves does not appear to be a useful tool to analyze many decentralized protocols used in DeFi. One issue is that protocol-driven DeFi transactions, even ones in which LP Tokens are issued, may not qualify as notes. According to the seminal legal dictionary, “a note is a two-party negotiable instrument,” in which “one party (the maker)” promises to “pay money to another party (the payee) or to [the] bearer.”[34] Truly decentralized protocols are generally not structured as bilateral arrangements. Rather, the parties interact with the protocol itself, as they seek to rely on code rather than any central party or counterparty to execute the transaction. Indeed, the original purpose of DeFi (unlike DMM’s model) is to eliminate the need for intermediaries and central managers.

That same problem makes it difficult to analyze these functions under Reves’ multi-factor test. As noted, Reves analyzes whether a particular note is bought and sold as an investment. But in many DeFi protocols, a buyer-seller or investor-investee relationship is hard to identify. Even assuming the buyer is primarily interested in profit, a particular seller or entity raising money “for the general use of a business enterprise or to finance substantial investments”[35] may be absent. Often a party transacts directly with a liquidity pool operated by a smart contract, which is just computer code deployed to a blockchain. In fulfilling that function, the protocol does not appear to be “rais[ing] capital for its general business operations.”[36] And in that regard, the protocol does not appear to act as the kind of seller that concerns the securities laws: the transaction does not implicate the kind of information asymmetry or duty of disclosure that might traditionally exist between an issuer and a buyer, which is an animating concern of securities laws.[37]

Two examples may help illustrate the distinction. The first is a traditional IPO, in which the company going public may have information critical to a would-be investor’s decision to invest. The second is Reves, in which the co-op selling promissory notes had information about the business’ health (or, in that case, insolvency), which was critical to a buyer’s calculus about the risks of purchasing the notes.[38] Those classic information asymmetries do not typically exist in DeFi, where no issuer exists. A decentralized protocol usually does not have any non-public information; its code is public knowledge, and so information is by definition available to all.[39] Absent the traditional issuer-buyer relationship, and the attendant information asymmetry that underpins much of securities regulation, the balance of factors seems to weigh against deeming such transactions to be securities under Reves.[40]

Moreover, even if something like an LP Token might otherwise be a note under Reves, many such tokens may arguably mature prior to nine months — and thus fall outside the statute’s coverage — because they can be redeemed at any time.[41] In Reves, the Court rejected the argument that demand notes matured prior to nine months, but the Court declined to resolve the precise scope of the exception.[42] The courts of appeals have generally construed the scope to reach only “commercial paper.”[43] But as one court recently recognized, that reading is in tension with the statutory text.[44] And as then-Chief Justice William Rehnquist explained in the four-Justice dissent in Reves, that reading originated in a few snippets of equivocal legislative history of a different securities law.[45] Employing currently prevailing textual approaches to statutory interpretation, the Court may not adopt the commercial paper reading. If the SEC decides to pursue regulation of protocol-driven DeFi through Reves, it could eventually lead the courts to revisit the nine-month-maturity exception.

Also unclear is whether regulating DeFi transactions under Reves advances the broader goals of securities regulation. The securities laws aim “to promote full and fair disclosure of information to the public in the sales of securities.”[46] Truly decentralized protocols have no central party — no issuer, no bank, no intermediary — from which to demand that kind of disclosure. The critical information lies in the smart contract’s code and on the blockchain, which are typically open source and audited. There is thus no obvious “information asymmetry” that a central issuer, or regulation of such an issuer, could help solve.[47] DeFi transactions are automatically processed by smart contracts deployed to a blockchain, with no one at the wheel to file SEC forms, and nothing to put in such forms that is not already available to the public.

Finally, applying Reves to DeFi, particularly as part of a regulation-by-enforcement approach, raises fair notice questions. As the SEC recently stated in its litigation against Ripple, “[t]he standard for fair notice of civil statutes that regulate economic activities is whether the law is ‘sufficiently clear that its prohibitions would be understood by an ordinary person operating a profit-driven business.’”[48] Whether Reves’ potential application to DeFi and LP Tokens would pass this test is unclear. In choosing to regulate digital assets and Web3 through enforcement, rather than rulemaking, the SEC has already created an uncertain landscape. Adding Reves to the mix increases that uncertainty. The Howey test has its own shortcomings in this regard, but it at least imposes several specific requirements, all of which must be met for something to be considered a security. The SEC also has helped clarify how the Howey test applies to digital assets. Reves, by contrast, demands consideration of multiple analogies and a multifactor balancing test, with little clarity about how those factors fit together. The vagueness and uncertainty in this approach give parties little notice about what conduct is permitted and what conduct is prohibited. Considering the potential consequences of violating the securities laws, that lack of clarity raises serious fairness questions.

For example, the Reves test includes an analysis of whether any “risk reducing factors” are present that would render the application of securities laws unnecessary. Such factors can include the presence of “collateral” and the existence of an alternative regulatory mechanism.[49] Although an alternative regulatory scheme may be absent, DeFi protocols have a number of ways to reduce risks to investors, including through requirements on over-collateralization and self-insurance. But these measures reduce capital efficiency, so DeFi protocols may not choose to implement them without guidance from the SEC about whether and how Reves applies to protocol-driven DeFi and/or LP Tokens and how these types of measures can help. Such guidance, including about risk-reducing factors, may be a more effective way to ensure the safety of investors participating in DeFi, rather than pursuit of regulation by enforcement, which may be inconclusive and will take time to develop.

Conclusion: The Potential Costs of Applying Reves to DeFi

Applying Reves to DeFi broadly raises difficult legal and policy questions and may threaten to impede innovation in an important and fast-moving area. Faced with added uncertainty about compliance with the securities laws, businesses and entrepreneurs may be less likely to get involved with DeFi enterprises in the US. Such costs should not be ignored in considering whether and how to apply a technical 30-year-old Supreme Court decision.

The Web3 community would benefit from additional SEC guidance about whether and to what extent truly decentralized financial transactions and related LP Tokens qualify as securities. For the reasons detailed in this post, Reves may not map well onto DeFi protocol transactions. The SEC may be able to provide greater clarity and more effective direction through guidance or rulemaking, rather than by way of enforcement actions.

 

Endnotes

[1] Reves v. Ernst & Young, 494 U.S. 56 (1990).

[2] Gavin Wood coined the term Web3 in 2014. See DApps: What Web 3.0 Looks Like (Apr. 17, 2014) http://gavwood.com/dappsweb3.html. There are many ways to define Web3, including a recent distillation by Wired: “At the most basic level, Web3 refers to a decentralized online ecosystem based on the blockchain. Platforms and apps built on Web3 won’t be owned by a central gatekeeper, but rather by users, who will earn their ownership stake by helping to develop and maintain those services.” The Father of Web3 Wants You to Trust Less, Wired (Nov. 29, 2021), https://www.wired.com/story/web3-gavin-wood-interview.

[3] DeFi is an umbrella term for financial services on public blockchains, primarily Ethereum.

[4] Oversight of the U.S. Securities and Exchange Commission Before the S. Comm. on Banking, Housing, and Urban Affairs, 116th Cong. (Sept. 14, 2021) (testimony of SEC Chair Gary Gensler), https://www.banking.senate.gov/hearings/09/10/2021/oversight-of-the-us-securities-and-exchange-commission; Caroline A. Crenshaw, SEC Commissioner, Digital Asset Securities – Common Goals and a Bridge to Better Outcomes (Oct. 12, 2021), https://www.sec.gov/news/speech/crenshaw-sec-speaks-20211012; Gurbir Grewal, Director of SEC Division of Enforcement, 2021 SEC Regulation Outside the United States – Scott Friestad Memorial Keynote Address (Nov. 8, 2021), https://www.sec.gov/news/speech/grewal-regulation-outside-united-states-110821.

[5] In re Blockchain Credit Partners d/b/a DeFi Money Market, Securities and Exchange Commission File No. 3-20453 (Aug. 6, 2021), https://www.sec.gov/litigation/admin/2021/33-10961.pdf (DMM Order).

[6] 494 U.S. at 60.

[7] 15 U.S.C. § 78c(a)(10). The Securities Act of 1933 contains a similar definition, and the Court has interpreted the two identically. See Reves, 494 U.S. at 61 n.1.

[8] 494 U.S. at 65.

[9] Id.

[10] Id. at 65.

[11] Id. at 66.

[12] Id.

[13] Id.

[14] Id. at 67, 69.

[15] As the Court explained later in its opinion: “We have consistently identified the fundamental essence of a ‘security’ to be its character as an investment.” Id. at 68-69.

[16] Id. at 58-59.

[17] Id. at 68-69.

[18] Id.

[19] Id. at 69.

[20] Id. at 71-73.

[21] The Court left open whether a note that matures on a date certain prior to nine months is not a security. Given the statute’s plain language — excluding any note “which has a maturity at the time of issuance of not exceeding nine months,” § 78c(a)(10) — the answer seems obviously no. But lower federal courts had at that time read the provision (notwithstanding its text) to reach only “commercial paper.” Id. at 74 (Stevens, J., concurring). As we discuss briefly later, that position may be untenable under the Court’s modern approach to statutory interpretation. See, e.g., Bostock v. Clayton County, 140 S. Ct. 1731 (2020).

[22] SEC v. W.J. Howey Co., 328 U.S. 293 (1946)

[23] 15 U.S.C. §77b(a)(1).

[24] See, e.g., Gary Gensler, Remarks Before the Aspen Security Forum, https://www.sec.gov/news/public-statement/gensler-aspen-security-forum-2021-08-03 (Aug. 3, 2021); Compl. ¶¶ 205-06, SEC v. Ripple, Case No. 1:20-cv-10832 (S.D.N.Y. Dec. 22, 2020) (ECF No. 4), https://www.sec.gov/litigation/complaints/2020/comp-pr2020-338.pdf; see also Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Securities and Exchange Commission Release No. 81207 (July 25, 2017), https://www.sec.gov/litigation/investreport/34-81207.pdf.

[25] DMM Order, supra note 5, at 9-11.

[26] Id. at 4-6.

[27] Id. at 11-12.

[28] Id. at 8-9.

[29] Id. at 2, 9.

[30] Id. at 9.

[31] Id. at 9-11.

[32] Id. at 10-11.

[33] Id.

[34] Note, Black’s Law Dictionary (11th ed. 2019) (first emphasis added).

[35] Reves, 494 U.S. at 66.

[36] Id. at 67.

[37] Pinter v. Dahl, 486 U.S. 622, 646 (1988). As former Director of SEC’s Division of Corporation Finance William Hinman put it: “The impetus of the Securities Act is to remove the information asymmetry between promoters and investors.” Digital Asset Transactions: When Howey Met Gary (Plastic), (June 14, 2018), https://www.sec.gov/news/speech/speech-hinman-061418.

[38] 494 U.S. at 58-59.

[39] The parallel body of securities law addressing insider trading based on misappropriation of confidential information, see, e.g., United States v. O’Hagan, 521 U.S. 642 (1997), applies more broadly than to issuers, but in this context leaves open the threshold question of whether an instrument is a security.

[40] Application of any test like Reves will depend on how, in practice, a specific instrument or company operates. In each instance, there will be additional facts and considerations that will be relevant to the legal limitations of any attempt to apply or expand upon Reves.

[41] 15 U.S.C. § 78c(a)(10).

[42] Reves, 494 U.S. at 71-73; id. at 76-82.

[43] Id. at 74 (Stevens, J., concurring).

[44] See Auctus Fund, LLC v. Sauer Energy, Inc., 444 F. Supp. 3d 279, 280 (D. Mass. 2020).

[45] 494 U.S. at 79 (Rehnquist, CJ., dissenting) (explaining that courts’ “commercial paper” holdings turned on unconvincing “legislative history” in the 1933 Act that courts had questionably “transpose[d]” to the 1934 Act).

[46] Pinter, 486 U.S. at 646.

[47] Hinman, supra note 37.

[48] SEC’s Motion to Strike Affirmative Defense (ECF No. 132), Ripple, supra note 24, at 22-23 (quoting Irvine v. 233 Skydeck, LLC, 59 F. Supp. 2d 799, 803 (N.D. Ill. 2009)).

[49] 494 U.S. at 69.