Thinking DAOs Are Enforcement-Proof? Think Twice

In our previous post "How Do You Sue a DAO? These Recent Developments May Shed Some Light ," our partner, Mioko Tajika, looked into the legal status of a DAO and explored the uncertainties and implications associated with the operation of a DAO from a legal perspective. Now, with a recent action brought against Ooki DAO by the U.S. Commodity and Futures Trading Commission (the "CFTC"), we have the opportunity to see some of the uncertainties raised in our previous posts answered.

CFTC filed on September 22, 2022 to initiate an action against Ooki DAO for its alleged violations of the Commodity Exchange Act, relevant CFTC regulations and the Bank Secrecy Act. The facts underlying the alleged violations include (a) the offering of decentralized commodity leveraged trading features by Ooki DAO's to its users through its bZx Protocol without being properly registered as a futures commission merchant, and (b) its lack of sufficient customer identification program required under the Bank Secrecy Act. While the laws governing the violations have been those that have developed and enforced for decades, what are truly intriguing, in the context of operations of DAOs and DeFi, is how CFTC serve process on Ooki DAO and how the members of Ooki DAO are or will be treated in the action.

CFTC's Service of Process on Ooki DAO

The first aspect that is worth discussing in CFTC's action is that the court upheld CFTC's service of process on the Ooki DAO "by providing a copy of the summons and complaint through the Ooki DAO's Help Chat Box, with contemporaneous notice by posting in the Ooki DAO's Online Forum. " As discussed in our previous post, "whom to serve process upon and whether the recipient is authorized to receive process" has been a material hurdle when suing a DAO given a DAO's murky legal status and the nature of its operation. CFTC proceeded with its service of process by submitting to the court in its filing that:

(i) as observed by the commission, Ooki DAO has no established headquarters, physical office locations, mailing address or listed representatives (or agent) to accept service, nor has it registered as a legal entity in any of the 50 states;

(ii) the Ooki DAO website has a "help chat box" that prompts users to communicate or submit any texts or attachments through the chat box;

(iii) the Ooki DAO website has a link to an online forum, where the holders of Ooki DAO Token (the governance token of the DAO) to discuss and vote on governance issues;

(iv) upon the filing of the complaint, the commission also has delivered relevant filing documents through Ooki DAO's chat box and posted the documents on the DAO's forum, observing from Ooki DAO's Telegram channel (to which the commission had requested and obtained access) that at least 38 messages were discussing the complaint and a member of the Ooki DAO identified as a "Community admin" stated that "[I]'m sure there will be an official statement from the Ooki DAO team soon."

While it is not discernable from the court's order as to what are the decisive factors driving the court to uphold CFTC's service of process, we could still deduce from the surrounding facts, as laid out by CFTC, that Ooki DAO has numerous members acting as the "administrator" of the DAO and that the communications through the unconventional channels (i.e., help chat box and online forum in this incident) could still provide sufficient notice to those that "govern" the DAO. These facts, when determined collectively, could be used as the basis for future actions brought against a DAO, regardless of whether the action is initiated by a regulator or a private party.

Potential Liabilities of Ooki DAO Members

Another aspect that is worth noting is that members of Ooki DAO who hold governance tokens may be held personally liable for the alleged violations of the DAO. One popular view concerning the liability of the members of a DAO is that such members are shielded from claims and liabilities given the nature and operation of a DAO. In our previous post, we had discussed that "[a] popular (untested) view… is that a DAO is akin to an ‘unincorporated general partnership,'" and that because the DAO is not incorporated, there will be no corporate shield for members of a DAO deemed as an unincorporated general partnership, thereby making its members jointly and severally liable with the DAO and other members. CFTC's enforcement action has just reflected the above popular but untested view.

In this enforcement action, CFTC not only goes after Ooki DAO with a federal civil enforcement action in California but the two individual founders (i.e., Tom Bean and Kyle Kistner) of the DAO, with whom CFTC reached a separate settlement for the identified violations. In CFTC's complaint against Ooki DAO for the commission's civil enforcement action, the commission expressly stated that the DAO is an "unincorporated association comprised of holders of Ooki DAO Tokens… who vote those tokens to govern (e.g., to modify, operate, market, and take other actions with respect to) the bZx Protocol…." While CFTC charged Ooki DAO as the principal responsible for the actions of the DAO's "members, officers, employees, and agents," it also expressly stated in the settlement order separately reached with the individual founders of the DAO that "[a]s members of the for-profit Ooki DAO unincorporated association (i.e., as Ooki Token holders who voted… to govern the Ooki DAO… Bean and Kistner are personally liable for the Ooki DAO's debts… they are personally liable for the Ooki DAO's violations…." Although such enforcement approach may still be subject to judicial testing, it nevertheless lays the ground for future actions and has accordingly resulted in the exposure of those who hold and actively vote governance tokens of a DAO to significant risks comprising of joint and several liabilities.