There’s no such thing as a decentralized exchange

Peter Van Valkenburgh is Director of Research at Coin Center, a non-profit think tank focused on cryptocurrency policy research and advocacy.

Lately, there’ve been days when crypto trading volume through decentralized exchanges (DEX) has outstripped volume on major centralized exchanges. Last year in Coin Center’s report on constitutional law and decentralized exchange, we foreshadowed this shift and the effect it could have on regulations:

“Regulators have come to expect that any exchange from one cryptocurrency to another will — by necessity — occur through trusted third parties … While this is unlikely to change with regard to exchanges between sovereign currencies and cryptocurrencies (due to the need for a trusted legal entity to maintain banking relationships in order to deal in sovereign currencies), it will soon no longer be the case for exchanges between cryptocurrencies and any other assets that are similarly blockchain-based”.

Thanks in large part to enthusiasm for new, Ethereum-based decentralized finance (DeFi) projects , the shift is happening even more rapidly than we thought. What should you know about the intersection of decentralized exchange and US regulatory policy?

First, if a decentralized exchange is truly decentralized (and I can’t stress that caveat enough), then grammatically it’s an action not a thing, a verb and not a noun: I make a decentralized exchange; not, I use a decentralized exchange.

When I use free software and an open blockchain network to trade one token for another directly with another trader, then I am engaged in decentralized exchange — an action, just as I might engage in running or paying. We have this habit of saying that a DEX is a thing rather than an action because we are stuck in a centralized services frame of mind. Coinbase is a thing, a business, a corporation. But if the trade is actually happening peer-to-peer, then the “DEX” being “used” is just software and an internet connection. In that case, there isn’t a thing called a DEX. There are no DEXs; there is just decentralized exchange, the action, taking place using software tools, open blockchains, and the internet.

Calling those tools “a DEX” and referring to “DEXs” as a category of things that exist in the world (rather than actions) does the entire technology a disservice: it wrongly portrays software tools as persons or businesses with agency and legal obligations. Corporations and persons — legal or natural — definitely have agency and obligations; software tools do not. Corporations and persons can be held responsible for their actions, software tools cannot.

That doesn’t mean that people won’t be obligated to use or not use those tools in certain ways, and that does not mean that people or businesses will not be liable for facilitating illegal activities merely because they built those tools or broadcast tool-related messages over the internet. But it does mean that the tool itself can’t be treated as a target of regulation any more than we could place legal obligations on hammers instead of carpenters, or automobiles instead of drivers.

If a “decentralized exchange” isn’t made with free software and an open blockchain alone, and if there is also a critical middleman of some sort, then it’s not really a DEX at all. Long story short, we probably shouldn’t use the term DEX to describe any service or thing. It’s either an action or it’s a thing that has been misnamed.

Second, you should know that there are three distinct areas of policy that are particularly relevant to decentralized exchange: financial surveillance (also known as anti-money-laundering), securities regulation, and constitutional law (First and Fourth Amendment, free speech rights and search and seizure rights respectively).

The first two categories, surveillance and securities, are regulatory structures that may or may not apply to persons developing, implementing, hosting, or using decentralized exchange infrastructure. The third, constitutional law, can be a shield for those people from regulatory application in certain circumstances. We’ll go through each now briefly, but Coin Center also has long-form reports on each subject for anyone who is especially curious.

Financial surveillance and DEX

Since the 1970s, the Bank Secrecy Act (BSA) — a federal law — has obligated financial institutions serving U.S. persons to collect and report certain information about their customers’ identities and transactions to a bureau of the Treasury Department, the Financial Crimes Enforcement Network or FinCEN for short. This category of obligated businesses, financial institutions, originally included only those who were obviously engaged in traditional financial services, such as insured banks, but grew to include a variety of finance-adjacent businesses like pawn shops, casinos, and, yes, cryptocurrency custodians and exchanges. This is the law that obligates exchanges to do “know your customer” checks, and to report suspicious transactions to law enforcement in so-called Suspicious Activity Reports or SARs. As we’ll address at the end of this article, it’s worth noting that all of this data collection, retention, and reporting (arguably a search and seizure of sensitive customer data) takes place entirely without warrants or any particularized suspicion on the part of law enforcement. It’s a warrantless dragnet. That aside, how do these financial surveillance laws apply to decentralized exchange?

Since Coin Center’s inception in 2014, we’ve made the narrow application of the BSA a priority. We have argued repeatedly that the only activities performed using cryptocurrency that should trigger surveillance obligations are those in which a person or business has actual control over the cryptocurrency of another person (their customer) and acts on their behalf. This mirrors traditional financial services — we expect that banks (who hold people’s dollar accounts) will be subject to the BSA, but we don’t expect safe manufacturers (who simply build tools that allow persons to hold their own cash or valuables) to be subject to the Act.

The same should be true with respect to cryptocurrency business