Recent SEC clarity on what tokens are and are not securities is baffling in several ways. And what you are probably expecting. This is not about Howey or collective enterprise or any sort of judicial test. It is about how the SEC seems to be offering guidance that soft-endorses business models that either render the SEC entirely redundant or run afoul of other already-clear laws.
First: the SEC seems to interpret the phrase "administrative and ministerial activities" to include a lot of things most people would could consider core business decisions. But fair enough if sufficiently narrowly scoped, even a core business decision can be just admin work. More on that below. But what we really find confusing are the language choices and what sure look like overt endorsements of business models that are illegal for reasons that have nothing to do with securities laws. The SEC also seems to offer a roadmap for currently regulated businesses to escape regulation by changing internal technical procedures with no economic substance. These are all odd choices!
The SEC appears to endorse, or at least chooses to use as examples of "acceptable" arrangements, strange applications of the already well-understood terms "custody" and "user agreement" and "intended." And the shortest, simplest way to explore this is to pull out a few of the SEC's zanier uses of these terms and then show how we can assemble a clearly-not-legal business it seems the government just gave a stamp of approval.
Of course this SEC document provides no formal legal cover for anyone. It is not an impenetrable legal shield for all forms of law breaking. But if someone has argued for years the laws were unclear, and then the government issues this kind of clarification, and then you get prosecuted...you at least have a solid defense on the "I did not intend to commit a crime" and "I thought this was fine" fronts. As we have long posited, that has been the main goal of most Web3 lobbying in DC: not compliance or legality but rather plausible deniability sufficient to defend charges requiring intent.
Strange Words
A lot of the oddest parts of this SEC document pertain to liquid staking. A liquid staking provider takes in tokens from users, issues receipts for those tokens to uses, and then stakes what was deposited by the users. The receipts are generally freely tradeable. And earnings from the staking flow, somehow, back to the receipt holders. Further, those receipt holders can redeem for the initial deposit amount plus accrued interest at the time of their choosing.
There are many possible designs to build this kind of functionality and the SEC works through a range of possible configurations. Here are two of their sentences about liquid staking:
In addition, the Liquid Staking Provider’s taking custody of the deposited digital commodities and in some cases selecting a Node Operator does not constitute essential managerial efforts because these activities are administrative or ministerial in nature.
In the latter case, this selection is the Liquid Staking Provider’s only decision in the staking process, and that decision may be automated.
Interesting. So the liquid staking scheme takes custody of funds and the whole thing "may be automated." They use custody and may . So a nebulous collective legal entity can take custody of assets and manage them manually and this causes no trouble so long as the scope of those activities is limited? Really?
And it would seem the SEC does not even require the scope to be limited by design! It is sufficient, they write elsewhere, that:
The Liquid Staking Provider typically enters into an agreement with the Depositor, such as a user agreement or terms of service, providing that the Depositor retains ownership of the digital commodities.
So it is sufficient for the system to grant plenary power to the liquid staking provider so long as a user agreement or terms of service constrains discretion? The whole argument around web3 products not fitting traditional regulations used to be that self-custody and the use of immutable code meant systems could be secure and non-custodial by design. Now the argument is "our lawyers can write really tough user agreements" instead?
The SEC looks to have endorsed the view none of this is about technology and it is all about vibes. Seriously:
At all times during the staking process, the deposited digital commodities remain in the control of the Custodian, and the Depositor is intended to retain ownership of the digital commodities held by the Custodian.
By using "intended" instead of "the immutable software makes it so" this whole document gives up the pretense any of this is about technology. A user agreement a evidence of intent is just an appeal to lawyers. Lawyers are not, you know, technology. They are lawyers.
That last quote says it is perfectly fine for a liquid staking scheme to take custody of funds and give whoever holds admin keys for the smart contracts total independent control over those funds as long as everyone intends for the end user to retain control. The SEC is telling us what matters is whether the scheme intends to use this total independent control for good or evil. Right.
Obviously this is not self-custody. It is, rather, a trusted arrangement governed by a user agreement outside of any regulatory framework. No software at all is required to achieve that.
TradFi Interlude
If the above scheme is acceptable then you should be able to set up a money market fund business without any securities filings or registrations or regulatory oversight at all.
Short-term government bonds and other money-market instruments are exempt from securities laws. So it should be fine to set up a business that takes deposits into a central, custodial, bank account and invests that money into T-bills.
As the process need not be automated this can all be manual. And the bank account can be in the personal name of the fund manager so long as they have a user agreement in place limiting what that manager is allowed to do with the money.
Go back and read the above quotes. This simple money market fund scheme should be fine.
Now maybe you would need to take deposits in stablecoin and buy only tokenized government bonds but...is this really what anyone thinks is correct? By using a certain type of software you can convert the above outlaw scheme into a fund exempt from regulatory scrutiny. Really?
Also notice there are no requirements in the SEC guidance around the staking mechanism being decentralized. You could even set up your own private blockchain that puts the underlying money into T-bills and pays it out via some staking process and then put your fund's money into those tokens and stake them. Even if you decide to use technology to more closely match the language of the guidance that technology can be a thin, substance-free, wrapper. The SEC's guidance makes clear they do not care how the technology works – they care what the doc says and what your intent, as evidenced by those docs, is.
The SEC would seem to believe the SEC is now surplus to requirements and privately negotiated, privately enforced user agreements are sufficient to regulate fund management. Or at least that SEC regulation for funds should be opt-in.
And it is not just money market funds. As the investment process does not need to be automated there is no reason you could not set up a simple permissioned on-chain voting mechanism to direct investments into anything. The code can be upgradeable. The contracts can take custody. Just make sure you have a user agreement!
Obvious Problems
So those examples above are problematic in part because they remove the SEC from the entire fund manager supervision process. But if the SEC does not want to do that anymore there really is no way to force them to do it. The SEC could just as well not issue these statements but take zero enforcement actions. Same difference.
Quickly recall here that in early 2025 the US DOJ issued a statement which roughly said Web3 projects would not be prosecuted for money transmission violations unless they were intentional. Now consider the SEC guidance and look at the following setup:
- Set up a Bitcoin address.
- Take in Bitcoin from anyone.
- Issue permissionless ERC-20 receipt tokens.
- Charge fees somewhere and use them to fund a tiny yield on the Bitcoin and rebase the ERC-20 tokens via whatever tech web3 mumbo jumbo your BD team can dream up.
- Allow redemptions of those ERC-20 tokens to any Bitcoin address.
- Write up a user agreement that states the intent is for the depositor to retain control.
This is a great money laundering tool! It violates a huge range of laws all over the world. But the SEC just endorsed it and the DOJ is on the record with not prosecuting so... what do we do now?
Actually we can go one better: set up the Bitcoin address in Coinbase custody. Now Coinbase has endorsed your model too. So taking any action requires toppling a huge edifice of "guidance" that does not promise to be real legal cover but where it would be super embarrassing for many people if the whole thing got ripped to shreds. We have written before about a suspicion this sort of strategy was always the industry plan.
If you think this is an exaggeration, go read the guidance for yourself. The SEC really does guide that custodial arrangements can escape scrutiny by producing user agreements as evidence of intent to not use the custodial powers for, well, anything. This is the end of a long cycle that began with complaints the SEC was trying to apply a model based on intermediaries to technology where intermediaries where not needed.
Now, somehow, the intermediaries are still there. And still have plenary powers. But it is all fine and different because a piece of paper constrains their actions.
What Now?
If the SEC wants to accept restrictions in user agreements without any sort of real "physical" controls as sufficient to render arbitrary discretion into administrative and ministerial activities, then many fund management businesses should have their compliance department write up some user agreements right before firing everyone in compliance. Maybe these managers need to pivot to accept stablecoins or make other non-substantive technical changes. But those have to cost less than maintaining a compliance department.
Then all those fund managers need to ensure their lobbyists – who, recall, will be the only lawyers left once compliance is liquidated – keep the terms up to date with no intent to violate the law. Again, maybe they need to run some permissioned token voting process or similar for the investment committee but that too has gotta cost less than a legal team.
Finally marketing. Nobody should be writing things like " Welcome new Russian oligarch Samourai Wallet users ," because that foils the intent defense. But maybe it is fine to start with how your product continues to meet its regulatory commitments and claim that no sanctions violations were found before pivoting to how your actions were consistent with applicable sanctions laws and were the result of its effective compliance program but also admitting you do not really know where the money came from or went to because there were at least three intermediary unattributed wallets in the way. And, of course, all the while everyone knows the laws in question are strict liability , which means even if you intended to not violate the law and tried to not violate the law and did not know you had violated the law you can still be guilty. On that dispute who knows who is right and who is wrong. It will get litigated and we will see. If the SEC's guidance is considered reasonable and cogent and of any legal weight at all then, honestly, Binance should be allowed to rely on their user agreement and public statements of intent as defenses.
Maybe all of this does work. There is a theme here. And with each round the stakes go higher and higher. If the SEC provides a trivial end-run for fund management supervision, the CFTC takes over all event trading in such a way that everything is a commodity where insider trading does not exist and wilful blindness is a defense to strict liability sanctions laws then, well, Satoshi won but also lost. The third sentence of the Bitcoin whitepaper is:
Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes.
The paper then goes on to describe a system in which parties that do not know each other and never meet can reliably exchange value. Decentralization exists to remove the financial institutions that sit in the middle so there is no dispute resolution mechanism. The scheme does not remove fraud – it removes disputes by removing intermediaries that can be expected or required to manage disputes about fraud. As there are no middlemen there are middlemen-related problems.
But we what described above is entirely different. It does not need decentralization. It still has intermediaries. Non-reversible transactions are instead made possible when trusted intermediaries publish user agreements stating that they will not mediate anything and all payments are final. Wow.
And to think that "obvious solution" was sitting there all the time. All we needed was for regulators and law enforcement to decide they will defer to private contracts over what are really quite clear, detailed and legally undisputed powers . This SEC guidance is not about technology at all. The regulator clearly does not care if your Web3 system is self-custody or real DeFi or if it is just a centralized custodial system near a blockchain. If you use blockchain words and write a good user agreement, you are good to go. Interesting outcome.
