With respect to DeFi, this Article highlights ambiguities inhabiting legacy disclosure obligations and offers a conceptual roadmap for assisting developers and regulators. Furthermore, it introduces a series of crypto-native tools to modernize disclosure delivery in DeFi systems.
Disclosure is an area in DeFi where founders’ and regulators’ interests can overlap in surprising ways. Market participants need to differentiate their dapps to compete and grow—just as regulators have long demanded transparency in order for people to know what they are buying. But adapting disclosure frameworks popularized in the 1930s to today’s digital marketplace requires bridging decades of technological evolution and fundamentally alien assumptions about market infrastructure.
This Article contributes to that work. It observes that DeFi presents novel policy questions for disclosure because much of the material information required to participate in an informed way is already available to technologically sophisticated actors on blockchains. This feature is relevant when contemplating how and for whom a disclosure system for DeFi should be modeled. Securities law, with its focus on institutional actors, calls for voluminous and often technical disclosures designed to be filed with authorities; by contrast, consumer protection frameworks rely on targeted, retail-friendly disclosures meant to be digested by everyday shoppers and end users.
Against this backdrop, this Article offers a framework transposable to securities law but, given the information already accessible to technologically savvy actors, emphasizes the need for shorter, crisper disclosures typically associated with consumer protection law. It makes two key contributions. First, it highlights ambiguities inhabiting legacy disclosure obligations, and offers a conceptual roadmap for assisting developers and regulators seeking to identify relevant disclosure issue areas and principles. Second, it introduces a series of crypto-native tools to modernize disclosure delivery in DeFi systems, among them “Disclosure NFTs,” “Disclosure DAOs,” and “Disclosure DIDs.” If properly developed, these tools could potentially provide more functionality and security than the SEC’s EDGAR database and afford a new generation of developers and engineers a unique opportunity to reorient disclosure towards its original New Deal purpose: to be read.
As regulators, industry participants, and academics have observed, decentralized finance (“DeFi”) operates very differently from the systems anticipated by our longstanding disclosure regimes. Traditional financial regulation has evolved from nearly a century of supervising entities that operated as centralized financial intermediaries between customers, clients and investors.1 DeFi, by contrast, is predicated on rules-based, encoded protocols redundantly enforced by numerous, independent parties.2 Thus, in contrast to centralized systems, where participants in a transaction need to trust each other or a third party for transactions to be successful, DeFi relies on computer programs where discretion is removed from technical operations.
This new architecture requires careful consideration as to how to apply regulatory requirements and expectations predicated on industrial companies and activities of the 1930s and 40s, before the advent of the internet, automation, or digital infrastructure. Nowhere perhaps is this more important than in disclosure, where in many ways industry and regulatory interests are aligned: market participants need to differentiate their products and services to compete and grow just as regulators have long demanded transparency in order for people to know what they’re buying. Yet successfully mapping rules devised in the New Deal to decentralized digital ecosystems will require a familiarization with core policy objectives among DeFi participants, as well as a basic understanding by regulators as to how the technology operates and interfaces with existing legal regimes.
This Article, which is part thought experiment, part legal analysis, takes a step in that direction, offering what is, to this author’s knowledge, the first broader analysis of disclosure, dapps and DeFi. In a first step, the paper provides an overview of the key building blocks of decentralized finance—decentralized applications (“dapps”). Specifically, it provides a brief overview of blockchains, protocols and smart contracts, and explains how each can be considered layers of decentralized infrastructures servicing a wide array of services and products.3
In a next step, the paper takes a closer look at the ambiguities that inhabit disclosure and decentralized applications. Part Two begins with an observation that the regulatory architecture for disclosure ultimately focuses on varying iterations of what consumers or investors need to know in order to make informed decisions. Yet the extent to which entities are legally bound to participate in prescriptive disclosure practices mandated by the government is not always obvious. Indeed, even where decentralized applications are clearly subject to oversight by the country’s primary disclosure regulator, the SEC, disclosure obligations can be ambiguous and largely fail to anticipate the particularities of blockchain infrastructures. The section shows how the legacy disclosure infrastructure is simultaneously under- and over-inclusive, in some instances failing to account for the most important aspects of the DeFi ecosystem, and in others imposing obligations with little to no relevance, creating both a lack of clarity and inefficiency in compliance.
Against this backdrop, Part Three offers a framework for assisting developers and policymakers seeking to identify potential issue areas for disclosure. The paper observes from the outset that disclosure in DeFi presents novel policy and strategic questions in part because of the transparency inherent to public blockchains—and that some of the most important information is readily available for technologically sophisticated actors. This feature takes on importance when contemplating the goals of a disclosure system for DeFi. Securities law and consumer protection regulations differ not only operationally, but also substantively. While securities law is based on voluminous submissions for parsing by institutional actors, consumer protection regulation focuses on targeted, retail-friendly disclosures meant to be digested by everyday consumers. In lieu thereof, the paper offers a framework for revamping Regulation S-K,4 but emphasizes the need for shorter, crisper disclosure approaches typically associated with consumer protection law. Highlighting the point, the paper additionally draws attention to the necessity of clarity and “Plain English” in disclosures for not just the business, but also technology in the space.
The Article ends with a thought experiment exploring what disclosure delivery could look like in a decentralized, blockchain-based ecosystem. It introduces new concepts and tools to the DeFi lexicon, including “disclosure NFTs,” “disclosure DAOs,” and “disclosure DIDs,” and imagines new applications for decentralized identities. If properly developed, the Article argues, they could provide more functionality and security than even the SEC’s EDGAR database, and in the process reorient disclosure towards its original New Deal purpose—to be read.
Most services, financial and otherwise, depend on an intermediary connecting sellers and buyers of a product or service. If you want to buy a box of cereal, you go to a grocery store. If a person wants to sell stocks, they usually do so via an app that is in turn connected to a broker or a stock exchange. If someone wants to keep dollars or euros safe, she deposits her savings at a bank. All the while, intermediaries enjoy considerable discretion or informational advantages. Owners know the cost of buying cereal from wholesalers and selling to the public; banks know the balances of customers and can send special promotions to those with large accounts, or who meet special criteria.
In DeFi transactions, by contrast, discretion is for the most part removed. Instead, self-executing agreements called smart contracts are written in computer code, and performed on a digital ledger, called a blockchain, which is duplicated and distributed across the entire network of computer systems. In order to operate, a transactional logic is encoded into smart contracts such that functions, while not legally binding in a formal sense, nonetheless are automatically executed when relevant events or developments occur.5 Because smart contracts are deployed on blockchains, and not on a specific server, their code, execution logs and function are distributed, fully transparent, and irreversible.6
Although smart contracts can operate outside of the crypto context, blockchains offer a convenient environment for smart contracts to be deployed and developed because they enable data to be reduced to programmable code. Blockchains are the core infrastructure of cryptocurrencies and record multiple transactions within a block, which is added to pre-existing blocks as other nodes in the network ensure that the transactions are valid. Because smart contracts are effectively programmable instructions, they can be written to govern specific tasks or activities, like buying or selling cryptocurrencies, or releasing payouts in gaming apps.7 In lieu of going through human beings who may have the discretion to exploit informational or other advantages, users interact directly with the protocol. With smart contracts open source and publicly visible, developers can access and connect to different applications like financial APIs, enabling composability in ways traditional finance cannot.8
Smart contracts can be developed or combined to build dapps, which provide more complex services. Because smart contracts are self-executing, dapps, as configurations of smart contracts, are as well—and thus are not subject to the control of any centralized authority. Instead, dapps rely on their underlying blockchains for any coordination of their operations. In principle, this enables new forms of control for consumers insofar as they do not have to hand over personal data to the company providing the service. In the absence of instructions otherwise embedded in the smart contract code, no one entity on the network can block users from submitting transactions, deploying dapps, or reading data from the blockchain.9
Putting this all together, blockchains, smart contracts, and dapps can all comprise critical infrastructure for decentralized finance, or DeFi, the catch-all term referring to the suite of financial services operating on public blockchains designed to mimic or replicate services offered in the traditional financial system like borrowing, lending, asset creation, and more.10 The first decentralized finance applications were decentralized exchanges built on the Ethereum network.11 A decentralized exchange (or “dex”) is a peer-to-peer marketplace, leveraging smart contracts to enable transactions directly between crypto traders. The first dexes enabled investors to convert ETH into ERC20 tokens, and vice versa.12 The next step in the evolution of dapps was the creation of the first yield-generation savings protocols, beginning with Compound, where customers deposit their cryptocurrency in exchange for interest or other rewards, including varying species of cryptocurrency.13 Since then, new lending and borrowing applications emerged that span automated market makers, lending and options exchanges.
For retail investors and consumers, however, perhaps the most familiar iterations of DeFi include unique proofs of ownership of digital assets, usually a digital artwork or collectible, called nonfungible tokens (or “NFTs”). This species of dapps can in turn be embedded within a smart contract and transferred to a user or another contract based on the rules and events defined in the smart contract.14 Likewise, smart contracts can be used to embed the terms and conditions within an NFT necessary to call and access assets within the NFT like music or video clips, or even tools for gaming experiences.15
With protocols, smart contracts and consumer interfaces, DeFi platforms can vary dramatically in function, purpose and risk, with differences in turn reflected in the distinctive attributes of varying operational layers.16 The settlement layer, supported by blockchains like Ethereum and Solana, handles the settlement of transactions between parties interacting through the DeFi application.17 The code and smart contracts comprise the protocol layer, which governs how the protocol operates. The application layer comprises the consumer-facing operations of the protocol, which usually happen via an app or landing page on the World Wide Web.18 Some DeFi operations additionally have application layer functionalities enabling assets and products to be used and combined without explicit agreement or permission.19
Throughout these layers, cryptocurrencies of varying tenors can play one or more important roles. Some cryptocurrencies, like Bitcoin and Ether, can be understood as playing transactional roles, and can be exchanged for the relevant platform currencies necessary to run dapps, or can be held to be traded or exchanged on dexes or to purchase NFTs. Similarly, stablecoins can play transactional roles, both in commerce and as key sources of liquidity. When structured properly, stablecoins hold the comparative advantage of being less volatile than native cryptocurrencies like Bitcoin. As such, they are often the tool of choice for participants wishing to temporarily hold proceeds from transactions in a low-risk digital asset without switching to fiat so that they can be deployed quickly when needed.20
By contrast, some tokens, what can be understood as platform tokens, are specifically designed to run the dapps they are integrated into, and as such are designed to perform the utility of accessing the inherent qualities of the underlying blockchain and protocol. Thus, platform tokens are often required to run games or execute trades on exchanges, or to utilize advertising services, and more.21
Other tokens provide the lynchpin for reward systems for participating as a service provider. DeFi protocols Balancer and Compound, for example, reward liquidity providers with protocol-native tokens for participating on their platforms.22 As these tokens also have transactional utility, and can be traded in the secondary market, an incentive structure is created where investors can earn returns in the form of protocol tokens for contributing capital to the protocol.23
Finally, some DeFi tokens represent the legal ownership of a physical or digital asset (e.g., non fungible tokens, or NFTs), or they may represent the legal right to some form of action, like voting (e.g., governance tokens). As such, rights tokens may exhibit varying degrees of fungibility, but operationally, all rights tokens enable digital scarcity, or the exercise of rights relating to it.
It is worth underscoring that cryptocurrencies utilized in DeFi can exhibit multiple functionalities. Some tokens may be necessary to access specific platforms or protocols, or comprise the means of payment used to pay for gas and other fees tied to operating on a blockchain. Others still may comprise the rewards bestowed on participants for using a platform, and may also comprise units representing voting power for specific projects. Thus, while blockchains can be best understood as the base layer infrastructure for building smart contracts, which can, in turn, be combined or developed to create protocols and decentralized applications, tokens comprise the economic or governance currency for the decentralized networks and projects, and by extension the means by which participation is channeled in DeFi projects.
DeFi has become increasingly popular, attracting the interest of everyday investors and users of financial services seeking everything from new ways to enjoy artwork to the prospect of superior trade execution for their digital assets, privacy and high interest rates. But as a nascent industry with technology still in its early stages of development, there are still risks. As in other areas of finance, counterparty risk, cybersecurity threats, liquidity runs, inadequate IP and more can imperil customer value and investor returns.
The presence of risks has naturally prompted the question as to whether founders or entrepreneurs must disclose risks to end users. The answers are not obvious. On the one hand, there is an extensive body of laws prohibiting commercial actors from engaging in “unfair, deceptive acts and practices”—a prohibition that could be interpreted as preventing companies from not disclosing important elements of their operations to end users and consumers.24 Similarly, state law in every state prohibits fraudulent communications.25 In both cases, however, investor and consumer protection tools are not designed to generate greater transparency per se. Instead, they are the basis for which claims can be pursued whereby disclosure duties are discussed after the fact, during litigation. Thus, while they do create risks for operators that fail to offer information in ways that make them “deceptive,” they offer few clues as to what should be affirmatively disclosed to investors and consumers in DeFi markets.
2.1 DeFi, Howey, and More
For this reason, popular conversations about disclosure and dapps frequently circle on whether or not smart contracts or protocols interface with securities, and by extension trigger obligations to register as broker-dealers, exchanges, or investment companies; or whether a transaction involves the issuance of securities—a question that often turns on whether the economic realities of a transaction comprise in their totality an “investment contract” under U.S. securities law.26 In the first instance, when infrastructure interfaces with securities as intermediaries, or venues for their trading, securities law imposes substantive operational requirements concerning liquidity, leverage and more. Meanwhile, where transactions involve the issuance of securities, heavy disclosure requirements are triggered that canvass the operations of the issuer, use of proceeds from the fundraise, a narrative discussion by management, and more.
In the DeFi ecosystem, the threshold analytical issue often centers on whether or not the economic realities surrounding a transaction comprise in their totality an “investment contract,” a concept introduced in the canonical case SEC v. Howey Co.27 The test for determining whether or not a scheme or instrument comprises an investment contract in turn depends on the facts and circumstances surrounding a transaction, and whether there is 1) an investment of money 2) in a common enterprise, and whether investors, in their 3) pursuit of profits, are 4) dependent on the efforts of others.28
Each of Howey’s prongs can be interpreted as referencing certain situations or risks that, when combined, necessitate as per the Supreme Court that they be brought under federal oversight, and subject to disclosure and antifraud rules. An investment of money relates to situations where people are putting their savings at risk; the existence of a common enterprise highlights situations where coordination (e.g., free rider) problems may prevent investors from acquiring the information needed for sound investments; the profit motive highlights incentives that can lead to significant speculation or risk-taking; and dependence on the efforts of others references informational asymmetries between an investor and those charged with ensuring the success of the scheme from which profits will be drawn. In Howey, the Supreme Court ruled that where all of these dynamics are collectively in play, the transaction falls under the dictates of U.S. securities laws, and oversight by the SEC.
Yet for all the conceptual ingenuity of Howey, applying the decision’s standards is far from scientific or consistent. Applications to crypto, especially to DeFi tokens and financial services, create novel questions as to how to interpret the constituent prongs. Securities law is generally predicated on the existence of some kind of central or privileged person or group possessing asymmetric informational advantages over investors, not inanimate computer programs. Moreover, the prongs themselves can have unclear applications. The question of a reliance on “efforts of others” in a “common enterprise” can become complicated, and even tenuous, in a layered transactional environment animated by at times independently run, yet often interdependent blockchains, protocols, smart contracts, and applications that are themselves connected with tokens of varying specie and technological support systems. Similarly, questions have been raised as to whether stablecoins meet the definition of an investment contract since their stability may indicate that there is no “pursuit of profit.” In the absence of clear guidelines, regulation by enforcement is becoming increasingly likely as a clarity-inducing tool. But achieving clarity through litigation could in many instances take years to achieve—and perhaps even longer in a world spanning different asset classes like NFTs, project tokens, crypto lending and trading protocols, and more.
With Howey’s indeterminacy, other theories and approaches have been contemplated to bring DeFi into the regulatory perimeter. Some involve other Supreme Court cases like Reves v. Ernst & Young, which identify how debt-like instruments (notes) fall within the ambit of U.S. securities laws, but present even less clarity.29 Others draw analogies to money market funds and the 40 Act rules to highlight how technologies operate as investment companies, and thus must register—and their securities must contain all the information that would be otherwise required under the 33 and 34 Act.
2.2 DeFi Disclosures under Regulation S-K
Although it has been the Howey test that has attracted the lion’s share of attention, the question of the legal status of a financial instrument is in some ways a red herring. To be sure, the designation of an instrument as a security has enormous implications for companies, and introduces the prospect of liability and even sanctions for issuers, exchanges, investment companies and others that fail to register. But from the standpoint of disclosure and the regulatory clarity around issuer responsibilities, the issue as to whether a tool or financial instrument falls under securities law is but the beginning of a longer series of questions that need to be answered. And here the current regulatory system provides surprisingly limited disclosure practices that are viable for DeFi.
This is because the base layer disclosure documents for securities law fail to anticipate the particular technological features of decentralized technologies and infrastructures.30 Instead, they assume and inquire only into governance, technology, and other operational features inherent to industrial economies, and which are often different, or altogether absent in digital and blockchain-based economies. As a result, securities forms—including Form S-1, the document initial issuers of securities file with the SEC to disclose key facts about their business—fail to anticipate decentralized architectures, and are both over- and under-inclusive in terms of the disclosure requirements that one would expect of issuers of blockchain-based securities.
This problem has been cited in the context of initial coin offerings, but bears repeating in the larger DeFi context.31 An annotated S-1 markup is provided as an addendum, but several simple examples from the document prove the point: A critical feature of any blockchain project is its system of on-chain governance—that is, how decisions are made concerning a token’s blockchain that can alter the rights, structure, or value of the token. For an investor in token securities, this means understanding how decisions are made concerning everything from the modifiability of tokens to the upgrade and integration of blockchain software, and the ability to create new tokens that are incompatible with the issued token’s software but share many of its features (e.g., forks).
S-1s do, for their part, require disclosure of an issuer’s corporate governance.32 Item 11 (via Reg S-K item 402) requires the disclosure of directors and key disclosures relating to the compensation of key management officials.33 Item 11 (via Reg S-K item 407) similarly requires the identification of independent directors, as well as each director who is a member of the compensation, nominating, or audit committee who is not independent under such committee independence standards.34 Issuers are further required to disclose the total number of meetings of the board of directors (including regularly scheduled and special meetings) that were held during the last full fiscal year.35
It is unclear, however, whether the S-1’s mandate for corporate governance disclosure would cover governance issues relevant to the governance of a token’s blockchain. As mentioned above, many transactions are automatic such that governance lies in the code embedded in a smart contract. Meanwhile, changes to a blockchain’s protocol are rarely a matter of a simple vote by a board of directors of a firm. They may arise through DAOs, which may not have corporate identity or analogous organizations. Changes may also be the result of the interaction of several actors: the developers of the blockchain’s code, miners, and finally, holders of the cryptocurrency. In such circumstances, the blockchain memorializing token transactions has a core software repository that holds the code for the main implementation of its protocol.36 For code changes to go into effect, the nodes on a blockchain network need to individually update their software to include the updated code.37 And miners and developers must come to some kind of consensus about the appropriateness of the change.
Moreover, new kinds of governance institutions like DAOs are coming to the fore with voting mechanisms subject not to a centralized leadership entity within a corporate firm, but instead to a stakeholder community.38 But because corporate governance focuses on the interaction between management and directors—and more fundamentally, the separation of ownership and control—it is unclear that the interplay of actors in DAOs, or even blockchain decision-making more generally, must be disclosed in S-1s.39
Meanwhile, S-1s can also be overinclusive, and ask for information of limited use to investors—even in issue areas as foundational as financial disclosures. Items 11(f) and (g), for example, require selected financial data (five years) and supplementary financial information (quarterly for the last two years). However, many if not most parties in DeFi are startups, with little historical financial information to share. Similarly, Item 11(h) requires a discussion of any “information that the registrant believes to be necessary to an understanding of its financial condition,”40 including a discussion of “material trends” and how they will impact the business.41 But as startups with very short histories, there may be no “trends” to identify.
Indeed, the financial information of most relevance to investors in the DeFi space is often sought under securities disclosure obligations in ways that create confusion or end up, ironically, prone to excluding key activities. Item 506 of Regulation S-K, for example, calls for the disclosure of dilution from the public offering price, but focuses on “common equity”—leaving unclear the disclosure obligations arising where participants hold tokens with no economic stake in firms, but only voting power (e.g., governance tokens).42 Other key economic disclosures, like counterparty risk inherent to operations, are altogether ignored beyond Form S-1’s requirement to discuss financial conditions, a significant lacuna given the prevalence of dapps in lending, borrowing, and hedging activities. In a very real sense, the better disclosure requirements may be found in disclosures relating to funds in the Form N-1A, which require disclosure of principal investment risks and strategies, including an indication as to what kinds of investments the fund’s assets are directed towards.43 And fund-like structures face the prospect of regulation. Yet, Form N-1A in a vacuum has its own limitations and requires no information as to the sponsor; instead, company-specific information is only offered to the public if the sponsor is also the issuer of securities.
To sum things up thus far: for all of the protections afforded under U.S. securities and consumer protection law, it is not always clear as to when either applies to the particularities of DeFi projects; and when the prescriptive disclosure rules of securities law apply, ambiguities pepper disclosure requirements drafted with centralized, as opposed to decentralized governance and infrastructures in mind.44 Thus, while categorizing certain DeFi projects as investment contracts under U.S. securities law can elevate transparency and speak to situations posing a particular set of risks to investors, it is still but a starting point for delivering investor protection. An additional step is required of applying domestic securities law concepts to the particularities of the DeFi sector.
Against this backdrop, this section begins the work of thinking through disclosure and DeFi with the care they deserve. But our aims are modest. Dapps, as discussed above, can fall into varying regulatory regimes for disclosure, depending on context. Securities law is one, consumer law being the other. The consequences of one over the other relate to far more than just registration. Securities law and consumer protection regulations differ not only operationally, but also substantively. Securities law in its contemporary guise is very much based on the idea of voluminous disclosure, geared not so much to retail investors, but to institutional investors and courts in the case of future liability.45 Retail investors are viewed as indirect beneficiaries of disclosure to the extent to which sellers of securities consume the information, or where they can sue companies for misleading disclosures should they suffer harm from them. Consumer protection approaches to disclosure, by contrast, focus directly on everyday consumers. Disclosures are meant to be read even by unsophisticated persons in order to avoid abuse and harms. As a result, reforms, as exemplified in the Dodd-Frank Act, focus on issues of simplicity, brevity, and clarity.46
Below are observations that can be incorporated into either model. Building on Congressional testimony on ICO disclosures and recent private sector suggestions, this section identifies key issue areas of DeFi applications, and offers observations and queries packaged in frameworks and nomenclature designed to be recognizable to securities law practitioners.47 In this way, they can help inform either a revamp of Regulation S-K, the central node for defining disclosure obligations for issuers of public securities mentioned in the preceding section, or they could provide the basis for an altogether new regime for DeFi (and to some extent, crypto generally).48
The condensed nature of the queries may further reflect a strong argument that, all else being equal, the consumer protection approach to disclosure may yet be more appropriate for dapps than securities law.49 Voluminous disclosures are likely to constitute a deadweight loss for startups and solo entrepreneurs, and likely to offer little from the standpoint of many consumers and investors at the time of their transactional decision. Lengthy disclosures concerning highly technical digital infrastructures—assuming they can even be accessed and navigated in the SEC’s labyrinthine EDGAR database—would likely be ignored by many retail investors and consumers.50 And if they are read, they would risk being misunderstood, if not by jargon, then by informational overload.51 Instead, approaches prioritizing the empowerment of and protection of participants in DeFi systems should likely adopt strategies more akin to consumer protection, challenging regulators and market participants to pinpoint the most important features and risks concerning their technology, and to demand succinct explications for readers such as to inform and empower them in their transactions and decision-making.
With that in mind, this section offers an issues roadmap highlighting key issue areas for consideration by founders and regulators seeking to operationalize effective DeFi disclosure. Though shorter than the full range of securities law disclosures, our intent is to hone in on those most important to investors. And though lengthier than some areas of consumer protection, our intent is not to create opportunities to overload end users and investors, but to instead reflect what is an area that has its own dynamics and complexities that should be understood at a basic level by newcomers to the space. Finding the right balance, as discussed later in Section 5, not only enables smart policy, but also raises the prospect of leveraging the very technology underpinning DeFi in ways to empower investors in unprecedented ways.
3.1 Dapp Description
Transparency is a key feature of public blockchains, and disclosure, even as an external tool for prospective investors, has rarely altogether been absent in crypto-transactions. For example, white papers have served as dual experimental exercises and disclosure tools for founders and researchers seeking transparency and validation for new ideas and ventures.52 And in the DeFi space, an entire universe of communications tools and platforms have emerged to reduce the technicality of discourse, and increase crypto’s accessibility, from blogs and web landing pages to social media and messaging apps.
Still, the disclosure in the ecosystem has raised red flags. For the most part, only technologically sophisticated actors can access and understand the publicly available code relevant to DeFi applications to evaluate systems and test claims. Complicating things even further, carelessness, inaccuracies, and even scams are too often endemic to pitches and posts describing novel cryptocurrency and DeFi technologies.53 Whether disclosures or representations are made centrally or dispersed throughout the internet—and especially in the context of a regulatory filing—more attentiveness will be expected by consumers, and demanded by regulators.54
Part of the work of entrepreneurs will be to ensure that they describe, as accurately, clearly and succinctly as possible, just what their dapps do. Often protocols and dapps provide vague or inaccurate descriptions of their purpose. Entrepreneurs should take care to describe the purpose of the technology—whether it be facilitating an investment in a project, lending, savings, or any other financial service. If the purpose is nonfinancial, such as the distribution of a collectible or art, that should be emphasized as well. The description of a dapp should not depart from the way the dapp is marketed on or off-chain, and vice versa. If a dapp is marketed as an investment, that feature should appear in the disclosures, along with a clear indication as to how, and why. As discussed in Part 4, if a dapp provides a financial service (e.g., “crypto pair trades”), that service should be described in concise, Plain English to ensure that the end user understands the nature of that service.
Disclosures should fit the business model, and include an explanation of how and under what circumstances an end user will benefit from using the app. If a dapp’s purpose is to enable some form of profit-making, entrepreneurs should take time to explain how earnings are generated. When end users are expected to earn returns through mining (e.g., memorializing new transactions to the blockchain), staking (committing their crypto assets to support a blockchain network and confirm transactions), liquidity provision, funding rates, or something altogether new like gaming proceeds, entrepreneurs should take the time to explain each concept. Additionally, because such processes may involve third party institutions or processes, they too should be disclosed and explained, along with how earnings are expected to be achieved.
If, on the other hand, a dapp is designed to facilitate the purchase of a collectible, or create online communities or games, entrepreneurs should provide a clear overview as to what specifically is being purchased, and how it is accessed. Entrepreneurs should consider disclosing some of the core attributes of the community or social value that the app intends to secure, or what features a particular gaming application will provide for end users.
If the product or service is also being marketed as an investment, additional disclosures should be made as to how and under what circumstances end user-investors would earn a profit. If digital goods are to be fractionalized, for example, the manner and nature of fractionalization, and the attendant rights of purchasers, should be explained. Similarly, if any secondary trading of a NFT is envisioned to support appreciation, that secondary market and its operation should be identified and disclosed. The rules of a gaming application, and the nature of the requirements for winning, should be provided. If particular rewards, like tokens, are viewed as the primary benefit of participating in a particular protocol or dapp, the features of the token should be discussed in depth, a topic that we will return to below.
3.2 Description of Risks
DeFi introduces a number of unique innovations, including a deep structural transparency and the ability to independently validate core features of the technology stack, and the ownership, transfer and settlement of assets. This transparency obviates certain kinds of risks that can inhabit legacy markets, like tricking multiple lenders via rehypothecation of already leveraged assets.55
But in their communications with end users and investors, it is critical that entrepreneurs consider the risks pertinent to their business. In the financial and technology contexts, this typically requires project developers to think carefully during the technology build and launch about risks that could lead to failed transactions, compromised data, lost or stolen funds, counterparty risk, and any other risks that could compromise profits for investors, or the well-being of people using the service.
Notably, under both securities and consumer protection law, entrepreneurs are usually not expected, or even supposed to disclose all risks to investors, but are tasked with identifying which risks are most likely, or if unlikely, would have the greatest impact on the operation of the DeFi project. This is especially important for consumer-facing apps where less sophisticated users are becoming more common, but where risks may be complex and less perceptible. In some instances, the risks are embedded in settlement layer operations. For example, scaling limitations of some blockchains create the prospect of network congestion, which in turn can create higher fees, or even prevent application layer infrastructures from functioning altogether. Similarly, when one dapp uses too many computational resources, the entire network gets backed up. At other times, risks may revolve around emerging cybersecurity risks with open software, or liquidity crunches or even runs on collateral leaving unsuspecting consumers robbed of their life savings.56
While the range of possible risks, which vary across dapps, NFTs, and DeFi protocols, is extensive and beyond the scope of this Article, there are common questions that entrepreneurs and developers can ask that can help begin their journey in identifying some of the most useful disclosures for end users and investors. Among them:
Are there any common or likely circumstances that could materially affect the normal functionality of your DeFi protocol, dapp or token?
What, if any, are the primary limitations of the network on which the dapp is operating, and how could they impact the delivery of services?
Under what conditions can changes to smart contract code be made, and could those changes impact end users or investors to their detriment?
Are there market or liquidity risks that attach to the purchase of your token (in terms of convertibility, redemption, trading, manipulability, etc.)?
How would bankruptcy laws apply to customer funds?
What intellectual property rights attach to your purchase of a non-fungible token (particularly art and collectibles), and what activities or rights are not conveyed?
What technology or business risks accrue to dapps or tokens where they reference digital assets living on external servers?
How, if at all, would disruptions in other cryptocurrency systems (e.g., transactional cryptocurrencies like Bitcoin and Ether or stablecoins) disrupt the proper functioning of the dapp?
What are the primary cybersecurity risks facing the dapp or IT systems on which the technology relies?
What, if any, processes or procedures are in place to respond to any of the above risks?
What is the impact of economic policy or the likely impact of government regulation (financial, environmental, etc.) on your business, and for investors?
Along with consideration of these questions, entrepreneurs should offer clear indications to prospective end users and investors that they should be willing to accept a high degree of volatility in the price of cryptoassets and the possibility of significant losses. Entrepreneurs should also contextualize the risks they identify beyond mere declarations of caveat emptor, as well as elaborate clearly and in Plain English the steps they have taken to mitigate the risks.
3.3 Token Disclosure
Because most end users and investors must hold some type of token, at some point in time, to access, own, and invest in DeFi projects, goods and services—including purchasing an NFT, playing a game, or triggering smart contract operations and dapps—disclosure of the token economics and operation is critical, especially where people purchase tokens as investments.
Given the sheer diversity of tokens and token-types—and contexts spanning transactional, platform, reward, and governance functionalities—disclosures will vary considerably depending on the purpose of any particular token. But there are a number of common queries and issues reasonable end users and investors will find valuable.
First, the basic economics of a token should be disclosed clearly, starting with factors impacting token supply and demand. Entrepreneurs should consider, if known, the total number of tokens intended to be minted, divisibility of the tokens and any lockups of tokens (particularly by founders or insiders) that, when released, would increase the overall supply of tokens; founders should also disclose whether they or another entity retains the right to issue more tokens, or conversely, to redeem or destroy tokens in the future. Similarly, end users holding utility tokens should be informed if the utility they expect or which has been marketed to them can be changed or even compromised due to changes in the code of a dapp or protocol.
Next, any factors impacting their market, consumptive, or investment value should be clearly disclosed. For example, if platform or governance tokens are distributed as a reward for staking, a clear indication should be given as to whether and how they can be used, and where, and how (if at all) they can be traded. Meanwhile, if dividend and other rights attach to a token, these rights should be disclosed to holders. And still further, if other on- or off-chain perks are attached to token holders that themselves have economic value—like the ability to participate in social networking, or to be used for some other dapp or utility, the terms of such perks should be disclosed clearly. If there are likely or common misconceptions as to the economic rights a particular holder may enjoy (e.g., IP or commercial rights) for certain non-fungible tokens, the limitations of the rights of holders should also be disclosed clearly for end users and investors.
As noted above, dapps should disclose the key features of any cryptocurrency on which they rely for operational purposes. In the case of stablecoins, consumers of the relevant stablecoins should, for example, be informed as to the assets held in reserve to back the coins, and whether their funds will be on-lent or pooled with others for investing. Meanwhile, where any cryptocurrencies are issued, sold or lent as platform or rights tokens, consumers should be informed of privileges afforded holders of the token, as well as any redemption rights or limitations impacting the token’s liquidity. Further, promoters, where relevant, should provide detailed disclosures regarding their procedures for securing and storing private keys.
Finally, and perhaps most fundamentally, entrepreneurs should describe any conflicts of interest inherent to the token economy. Notably, the mechanisms for the governance of both dapps and tokens can vary considerably, and can lead to a mismatch in incentives between those who invest in the platform, like liquidity providers or lenders, and those who govern the platform.57 In some instances, investors with large governance token stakes may have a long-term incentive to promote best practices for the platform’s health, which could conflict with the interests of short-term investors or even end users. For example, tokens distributed to stakeholders in the form of governance tokens may be destroyed or sold in treasury operations in order to maintain stability of a platform. Though such operations may be in the best or overall interest of the application, they should nonetheless be described in full to end users or investors in the token.58
3.4 Governance
As illustrated in our overview of token disclosures, governance in DeFi applications and operations can be a critical feature of end user and investor value, even as it looks very different from legacy systems. Unlike the traditional financial system, DeFi need not be controlled by any centralized authority, and decision-making can be devolved to developers on the underlying blockchain, or even users. Decentralization itself, however, can generate the need for new ways of organizing communities and collective decision-making. Governance tools and protocols help facilitate critical business and development decisions such as entering into new business lines, upgrading new technology and cybersecurity, adding new features or services, making key decisions on business operations and strategy, and so on. The spectrum of governance solutions can be considerable, however, and users should be made aware of key governance attributes.
3.4.1 Central Administrators and Dapps
A common refrain among DeFi experts is the notion that decentralized applications cannot, in any way, be altered once launched on a blockchain. Blockchains are, after all, immutable; and smart contracts cannot be changed beyond what was originally coded.59 However, most dapps require periodic improvements and upgrades: Bugs or security issues, for example, may prompt or require upgrades. Or upgrades might be required in order to maintain the proper functioning of a dapp due to changes in the underlying blockchain or network on which dapps operate.
Coordination is inherently more difficult in decentralized ecosystems due if not to the number of potentially key stakeholders, then to the absence of hierarchical structure. For this reason, some applications running on blockchains are ultimately controlled by a centralized entity of some sort, at times a company, or someone having some sort of administrator access.60 In such instances, most of the code may be run by this centralized entity, while only some parts, often related to the memorialization of the ownership of assets, are actually realized through smart contracts in a decentralized fashion.61
The existence and governance of centralized systems should be disclosed to users where relevant to their expectations as consumers or investors. While many consumers and investors may appreciate the existence of emergency backstops through accountable control persons, some will be unaware that aspects of their “decentralized” applications are subject to control persons and will want to know how it could impact their ability to enjoy a product or service. Developers should thus disclose the existence of any control persons or emergency measures, and whether centralized actors might (need to) behave in ways that contradict or override the interests or wishes of participants.62 Among the possible disclosure items developers and policymakers should consider are:
Are there centralized entities that have control powers, and in what situations are they permitted to wield them?
Which features of the operation of the app do centralized entities control: upgrades, kill switches, or more?
What are the rights of participants, individually and collectively (e.g., in the case of on chain voting), vis-a-vis centralized control entities?
What security risks (or advantages for resilience) does central control or authority create for dapp users and investors?
As indicated in the final issue listed above, governance decisions may impact the overall security of the dapp. For example, centralized governance may, for its part, increase the likelihood of a cybersecurity breach, or the resulting damage. Or it could confer advantages of resilience in the face of a hack. In either case, a short narrative description may be necessary in order for users and investors to adequately understand the rationales and logic behind the dapp’s governance architecture.
3.4.2 DAOs and Dapps
Importantly, not all dapp governance models incorporate or rely on centralized decisionmakers. One of the most notable developments in DeFi governance has been the emergence of “DAOs” (Decentralized Autonomous Organizations), blockchain-based entities that mimic corporate structures. As collectivities that operate according to self-organizing attributes and autonomous software principles, DAOs introduce the possibility of dapps that at launch or over time are controlled and curated by a wider community, and not a centralized authority.
Disclosure concerns for DAOs arise most commonly in blockchain-based crowdfunding ventures where DAOs direct investment decisions. Because in such settings DAOs are the mediums through which individuals pool resources to make an array of business decisions and investments, investors put a premium on knowing how DAOs will operate, and what governance will look like.
But DAO governance can be just as important in the context of dapps—and especially where technology decisions run through DAOs. Technology upgrades and bug fixes are, while often necessary, inherently time consuming for developers even in the best of circumstances. New code must be developed and then integrated into the blockchain, and not infrequently key smart contracts and software. But if upgrades and related decisions also have to run through a large community of potentially clashing opinions, and conflicted interests, DAOs introduce an additional layer of operational complexity and uncertainty. Thus to the extent to which DAOs govern dapps, entrepreneurs should make sure that any attendant risks and governance details are properly communicated.
The range of potentially relevant disclosures is considerable, and requires of developers that they consider at a minimum those elements of DAO governance and operations that could adversely affect its usefulness for end users. Among the possible disclosure items developers and policymakers should consider are:
Over what aspects of the dapp are DAO decisions relevant?
How does the relevant DAO make decisions?
What are the voting rights of DAO governance token holders? How do the voting rights impact the services enjoyed by end users?
Can the voting rights of DAO token holders change, and if so, how?
What aspects of decision-making are automated?
What, if any, crisis management features does a DAO enjoy that impact governance and voting?
Is the DAO for profit?
Finally, the core legal attributes of the DAO should be disclosed where relevant to the operation of the dapp. In contrast to corporations, which operate as a nexus of contracts, DAOs operationally function as a nexus of smart contracts. But to the extent they are operated as formal business associations, relevant attributes of their Articles of Incorporation or bylaws should be disclosed.
3.5 DeFi in “Plain English”
DeFi challenges legacy understandings of disclosure in part because it is so transparent. Because most blockchains operate on code accessible to the public, virtually anyone, regardless of their status as investor or consumer, has access to the underlying smart contract code for dapps.63 Indeed, virtually anyone can view and audit the code powering a protocol or smart contract, and at least in theory, inspect its robustness against varying cybersecurity threats including market attacks, front running and reentrancy, and whether it is secure for handling and transacting large sums of crypto assets.64
However, for regulatory purposes, disclosure is an art that concerns not only what information is available to the public, but also whether or not those disclosures are understandable. From a regulatory perspective, it is not merely a technical exercise, but one where authorities review both the content and way in which information is delivered.
Thus, while transparency on blockchains requires that policymakers think harder about the purposes of disclosure—if, after all, disclosure is intended for consumption by sophisticated parties, to a very large degree, they already have access to it—the mere availability of information for inspection does not itself denote effective disclosure. To return to our source code example, coded instructions for smart contracts, even on high utility blockchains, are not for the most part decipherable for unsophisticated parties.65 Analyzing bytecode even on the popular Ethereum blockchain involves tracing both the low-level flows of data and arithmetic in order to reconstruct a contract’s logic, and by extension requires meticulous attention to each individual machine operation, and a memory to retain the state of the virtual machine at each step.66 Thus, while accessing smart code is a critical disclosure step, understanding the disclosure, in its raw form, to test for vulnerabilities or fraud would be virtually impossible without spending a large sum of money purchasing the time and know-how of a very motivated and talented reverse engineer.67
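The step-by-step tracing described above can be seen in miniature in the following sketch, which is an added illustration and not part of the original Article. It disassembles and traces a constructed 13-byte program using a small subset of EVM opcodes (straight-line code only, no jumps); the sample bytes and starting storage value are assumptions made for the example.

```python
"""Disassemble and trace a tiny EVM program (added illustration, opcode subset)."""

WORD = 2 ** 256  # EVM arithmetic wraps at 256 bits

# Single-byte opcodes handled here; the real instruction set is far larger.
NAMES = {0x00: "STOP", 0x01: "ADD", 0x02: "MUL", 0x14: "EQ", 0x15: "ISZERO",
         0x50: "POP", 0x54: "SLOAD", 0x55: "SSTORE"}

# Constructed sample: what a reader of the raw chain data actually sees.
SAMPLE_HEX = "60005460010160020260005500"


def disassemble(code: bytes):
    """Return [(pc, mnemonic, immediate_or_None)] for raw bytecode."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if 0x60 <= op <= 0x7F:  # PUSH1..PUSH32 carry 1..32 bytes of inline data
            n = op - 0x5F
            raw = code[pc + 1:pc + 1 + n].ljust(n, b"\x00")  # missing bytes read as zero
            out.append((pc, f"PUSH{n}", int.from_bytes(raw, "big")))
            pc += 1 + n
            continue
        if 0x80 <= op <= 0x8F:
            name = f"DUP{op - 0x7F}"
        elif 0x90 <= op <= 0x9F:
            name = f"SWAP{op - 0x8F}"
        else:
            name = NAMES.get(op, f"UNKNOWN_0x{op:02x}")
        out.append((pc, name, None))
        pc += 1
    return out


def trace(code: bytes, storage=None):
    """Execute straight-line code, recording the stack after every instruction."""
    storage = dict(storage or {})
    stack, steps = [], []

    def pop():
        if not stack:
            raise RuntimeError("stack underflow")
        return stack.pop()

    for pc, name, imm in disassemble(code):
        if name.startswith("PUSH"):
            stack.append(imm)
        elif name.startswith("DUP"):
            n = int(name[3:])
            if len(stack) < n:
                raise RuntimeError("stack underflow")
            stack.append(stack[-n])
        elif name.startswith("SWAP"):
            n = int(name[4:])
            if len(stack) <= n:
                raise RuntimeError("stack underflow")
            stack[-1], stack[-1 - n] = stack[-1 - n], stack[-1]
        elif name == "ADD":
            stack.append((pop() + pop()) % WORD)
        elif name == "MUL":
            stack.append((pop() * pop()) % WORD)
        elif name == "EQ":
            stack.append(int(pop() == pop()))
        elif name == "ISZERO":
            stack.append(int(pop() == 0))
        elif name == "POP":
            pop()
        elif name == "SLOAD":
            stack.append(storage.get(pop(), 0))
        elif name == "SSTORE":
            key, value = pop(), pop()  # key is on top of the stack, value beneath it
            storage[key] = value
        elif name == "STOP":
            steps.append((pc, name, list(stack)))
            break
        else:
            raise ValueError(f"unsupported opcode {name} at pc={pc}")
        steps.append((pc, name, list(stack)))
    return steps, storage


if __name__ == "__main__":
    program = bytes.fromhex(SAMPLE_HEX)
    steps, final_storage = trace(program, {0: 4})  # assumed starting value in slot 0
    for pc, name, stack in steps:
        print(f"{pc:02d}  {name:<7} stack={stack}")
    print("storage:", final_storage)
```

Nine instructions and a running record of the stack are needed to establish that these thirteen bytes compute "slot 0 = (slot 0 + 1) × 2"; a deployed contract runs to thousands of bytes and adds jumps, memory and calls to other contracts.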
Entrepreneurs should not take this challenge lightly. For the cryptocurrency ecosystem, the traditional disclosure device—white papers—has been criticized as both difficult to read and often hyperbolic. In providing disclosures about their technology, for example, white papers not infrequently make claims that are difficult to parse as aspirational or functional; highly technical details concerning a project may be released, but few clarifying details and statements about such details accompany them. And while sometimes whitepapers refer to and embed contractual terms and conditions of sale, more eye-catching are promises as to the impact the technology will have, not only for end users, but for society at large—a development exacerbated in an age of cursory and exaggerated communications on Twitter and social media.68 As a result, even those with technical backgrounds often struggle to make sense of such disclosures. Accordingly, retail investors with limited sophistication are also left with little actionable information.
Today’s mandatory regime does little to solve the problem. On the one hand, the SEC has implemented “Plain English” disclosure rules designed to reduce the jargon and difficulty often associated with reading registration statements. The most stringent requirements in Rule 421(d) articulate definitive prohibitions against “legal jargon” and “technical terms” in the summary, risk factors, and cover and back pages of a prospectus. Meanwhile, under Rule 421(b), the Commission has outlined a number of norms such as “short sentences whenever possible,” “bullet points,” and “descriptive headers” while advising that prospectus drafters avoid “legal and highly technical business terms,” “legalistic, overly complex presentations,” “vague boilerplate,” “excerpts from legal documents,” and “repetition.” As such, the Plain English rules speak to the overly complex business narratives and communications that have traditionally made securities offerings indecipherable for everyday investors.
Plain English disclosures apply, however, only to the front and back pages, and summary and risk factors, of prospectuses included in registration statements filed with the SEC. They do not relate to the disclosures consumers may need most, like the more in-depth descriptions of relevant tokens or supporting technologies that are often critical to understanding a dapp as an investment thesis.
The SEC infrastructure also starts from an assumption of more mature industries with well-defined terms and nomenclature, and as a result could exacerbate complexity rather than improve clarity. Take, for example, the advisory note that in order to achieve greater clarity, prospectus drafters should avoid “relying on glossaries and defined terms.” Under normal circumstances, this kind of guidance would help investors avoid the need to sift through disclosures in ways that added to the time and burden of reading disclosures. But for the early stage product environment that is DeFi, glossaries and defined terms could be extremely useful. Because many dapp developers rely on concepts with multiple or context-dependent meanings, whether it be “decentralization,” smart “contract,” or even “token,” defining terms and using the term in the document could prove helpful and perhaps even vital.
Nevertheless, entrepreneurs should be thoughtful about the clarity and care they take to not only make public relevant, material information about their dapps, but to also make sure that the disclosures they make are understandable. Even in the absence of the application of the Plain English rules, complex or obtuse disclosures can still risk liability under securities law fraud as containing “omissions” or constituting intentionally “deceptive devices”; similarly, they risk charges from federal and state officials as being “deceptive acts” and thus constituent of fraud.
It is thus incumbent upon entrepreneurs in making their disclosures to think about the quality of the disclosure, and whether the information they are sharing and making public can actually be understood by the intended consumer of that information. From that standpoint, a number of considerations are helpful:
Would an educated layman with a high school education understand the disclosures?
Would an individual with a college diploma understand the disclosures?
Do the disclosures rely on terms of art that can have varying interpretations or meanings?
Are the technical terms used in the document being defined?
Are the technical terms used in the disclosures explained clearly so that the reader can understand how and why they are important?
Are technical terms being used for precision, or as short cuts to explain concepts that are themselves not well understood?
Is there hyperbole in your marketing that contradicts the statements made in the consumer or investor-facing disclosures, making them harder to contextualize or understand?
Would graphics or illustrations help to explain key concepts?
As more DeFi operations go mainstream, other tools may be reasonable means of improving clarity in ways that help projects scale by rendering even source code on public blockchains more open to auditing and verification. Along these lines, developers should consider inserting where appropriate code comments—explanatory lines of human-language text—as guides to assist in identifying pertinent functions and instructions. Additionally, or even in the alternative, developers should disclose what steps were taken to ensure the effectiveness of the programming, and whether or not the code for their dapp has been audited by a third party (and if so, the core components of that audit).
We turn now to a thought experiment in this final section to ask and brainstorm creative possibilities for one of the most technical areas of disclosure: the delivery of key disclosures to end users and investors.
The issue of disclosure delivery has not been an area of traditional concern for developers, in part because crypto infrastructures inherently “deliver” a large degree of transparency—certainly more than traditional financial infrastructures—and some of the most important technical information can be readily found (if not always easily interpreted) on blockchains. But it is an ideal area for engineers to lean in, and help rethink in ways beneficial for founders, investors, end users and policymakers pursuing their mandates. For most consumer transactions, disclosures arise on products as warning signs, or as mailed documents accompanying debit card or other transaction tools. Similarly, even financial regulatory rules are largely premised on the idea of notices attached to paper documents, or hyperlinked to electronic documents.
Delivery of disclosure is most comprehensively addressed in the world of securities law, where issuers and brokers are required to deliver regulated disclosures (the “final prospectus”) to investors before, or shortly after, the sale of securities. This prospectus delivery requirement alternatively can be satisfied if a company files a timely final prospectus via EDGAR, the SEC’s electronic database, and sends a notice to investors shortly thereafter advising that the final prospectus can be accessed there. Importantly, the EDGAR system can be considered both a technology and regulatory system. EDGAR comprises a critical SEC infrastructure and processes up to 3,000 filings a day, facilitating not only issuer disclosures to the public, but also the fulfillment of issuers’ regulatory responsibilities and duties. Yet despite its importance, EDGAR possesses limited functionality in terms of investor empowerment and education, and the system has attracted widespread criticism for its poor governance and fragile operating systems.69 Along with having been hacked, it provides few incentives for retail investors to review disclosures, and is effectively hived off technologically from the issuers and investors who rely on it.
Public blockchains, among other technologies, contrast considerably with EDGAR operationally and invite policymakers and industry to imagine regulatory systems that might not only be more effective, but which also might inspire further research and development of the space.70 As mentioned above, disclosure is in some ways inherent to how blockchains operate to the extent to which transactions and data are publicly visible and are, at least in principle, immutable, and offer more transparency than traditional corporations operationally have provided. In principle, anyone can view and audit code. Smart contracts are likewise visible and available for public scrutiny, and built on top of the open-source software provided by blockchains. The results of operations are visible on-chain at all times, at least to the trained eye. Similarly, adverse events that occur on chain (hacks, etc.) are usually visible, at least much more than is the case with nonpublic systems like EDGAR.71 It is possible to see who is holding what tokens (or at least the wallet address), figure out what wallets are held by which individuals (or what the concentration is), and much more.72
Public blockchains also introduce the possibility of integrating a disclosure system into applications that are themselves native to the ecosystem where disclosure enhancements are sought. As discussed in further detail below, tokenization of assets enables not only the representation of disclosure as a digital asset, but also an investor’s interaction with that disclosure. This optionality creates a range of interesting pathways to explore for building better disclosure, delivery, and operations on top of the delivery infrastructure that could advance regulatory concerns while allowing market participants to distinguish their products and services.
4.1 Disclosure NFTs
Because blockchain systems can enable the creation of a digital representation of value for nearly anything, including disclosure, in any number of ways, the sheer range of potential projects in the space is limitless. That said, any starting point for something as ambitious as a DeFi disclosure regime should possess features that are not only familiar to the ecosystem, but which also might spark interest among engineers and builders to support experimentation and its subsequent development.
With this in mind, non-fungible tokens offer an obvious point for departure. NFTs, as mentioned above, have become wildly popular—in not only sports and music, but also politics as well—in part because they can be recorded on a blockchain to provide unique proofs of ownership of digital assets. Thus far, their most familiar applications involve packaging jpegs or music on a blockchain to create opportunities to own and even fractionalize digital entertainment. But it is worth imagining how NFT architectures might be leveraged as a data wrapper for disclosure, and by extension, an application layer for DeFi compliance.
NFTs are interesting not only because they can represent physical or digital items on blockchains, but also insofar as they embed, or can be embedded within, smart contracts to create new disclosure experiences for end users or investors. The hard question is just how a disclosure NFT in particular would best work. In perhaps the most intuitive case, an NFT could tokenize disclosures available for an end user to review. Disclosure could be submitted to prospective investors or end users of decentralized applications via an NFT. The NFT could in turn include a link that points to off-chain disclosures hosted on external servers or to disclosures living on a distributed file system such as IPFS or Filecoin.73 Subsequent updates to disclosure could generate a new token or a new version of an existing token that could be held in a digital wallet. Third party communities could grow around the tokens, with tokenholders enabled to discuss and deliberate on token-delivered information in special chat rooms on Discord, the popular voice and chat app.
Realistically, however, operating on many blockchains for the moment can be expensive, and in the absence of efficient blockchain implementation, disclosure NFTs would not likely fare favorably compared to low-cost off-chain alternatives like using email to deliver disclosure. Instead, to be feasible, disclosure NFTs would likely require a more ambitious tokenization thesis to justify the complexity and cost.
This challenge creates a number of technical pathways and opportunities. One is the continuation of efforts to improve blockchain efficiency.74 If blockchain implementation can improve, products can be designed to deliver information at lower cost. And to be sure, updates to the Ethereum blockchain, along with the emergence of more efficient blockchains, create the prospect of inexpensive technology solutions that could support not only tokenized disclosures off chain, but also the prospect of disclosures living on-chain.
Another pathway—and one worth considering even as blockchain operational efficiency improves—is to tweak the very tokenization thesis of a disclosure NFT, and in the process upgrade the very idea and functionality of “disclosure” as it has been understood since the 1930s. As a reminder, blockchain systems enable the creation of a digital representation of value for nearly anything. Disclosures locked away off-chain are just one example. More ambitious product designs are just as possible—including NFTs where rote disclosure is not what is tokenized, but instead a recipient’s interaction with the disclosure.
Under this kind of system, companies could load disclosures to their website. Once the disclosures were read, the reader could be directed to answer one or more test questions—or even a game testing their understanding of the app.75 Once the test question(s) were answered, or the game was successfully navigated, a disclosure token could be issued to the end user or investor in the project to their wallet. The tokens disbursed to the end user would be unique, but not transferable, embedding the fact that a particular person passed the test. They could then be saved in the wallet of the relevant end user or investor as a sign that they had read (and engaged in) relevant disclosures, and additionally programmed with other kinds of reputational or governance value.
The gamification of on-chain experience is not without precedent. Dapps like Rabbithole, for example, teach users how to use and contribute to decentralized apps, allowing them to earn on-chain credentials demonstrating their mastery of core skills and protocols based on their on-chain activity.76 What would be novel is the potential for merging disclosure and technology literacy, and moving disclosure beyond the drop-and-go operation of the EDGAR database. Consumers and investors could be given a choice of traditional disclosure, with a website link to company filings—or have the option of navigating a disclosure game, and receiving disclosure tokens with governance rights or other benefits for their work. For especially risky ventures, protocols could even be programmed to only accept customers who possess disclosure tokens in their wallet, leveraging NFTs in ways akin to AML/KYC whitelisting tools used for the verification of identities for combatting terrorism and illicit finance.
The ultimate collection of disclosure tokens in a particular wallet could also provide helpful information concerning the wallet holder’s sophistication, offering another kind of technological functionality far beyond that provided in the EDGAR database. As currently configured, EDGAR provides public information only as pertaining to issuers of securities. Consumers of EDGAR’s data are primarily financial institution analysts or traders. The disclosures on the database are usually only valuable for retail investors after some kind of malfeasance has been committed, insofar as they can provide the basis for lawsuits asserting violations of U.S. antifraud rules. However, to the extent to which disclosures are actually designed and delivered to be read, and some indication can be given as to whether they are internalized by investors or end users, metadata can be created for regulators and entrepreneurs to reference when trying to determine, among other things, whether investors meet the sophistication requirements for private (accredited investor) transactions. Disclosure tokens could also double as social tokens, and be used to access portals or gateways for social networking, guild-building and participating in governing DAOs in DeFi.
Protocols could also inspect for conflicts in usage terms by checking conflicts in the users’ collection of disclosure tokens. For example, they could provide some surveillance capacity if participating in certain protocols or holding of specific assets forbid one from simultaneously partaking in other activities in Web3, or voting on governance decisions in other protocols.
4.2 Digital Disclosure Libraries
The disclosure framework offered above is based on a concept of disclosure as financial literacy. Building on the roadmap of queries identified in Section 3, entrepreneurs could formulate disclosures tailored to the primary features and risks of a service.
As such, disclosure tokens would require developers to come up with disclosures, as well as disclosure delivery systems. And for start-ups, this could still create onerous costs. One simple tool for mitigating such costs could be to create disclosure libraries on an internet portal for developers. Structured after GitHub, open-source systems could be developed where developer-builders, lawyers, nonprofits and trade associations could post and experiment with disclosures for new Web3 applications.77
As a part of this solution, a central repository could be created with all the files associated with any model disclosure, or a specific project’s disclosures, deposited on it. Over time, changes to the model disclosure could be “checked in” to the central server on which all disclosures are made.78 In this way, disclosures could be forked, enabling developers to work from earlier disclosure-projects in other accounts, create new versions of the disclosure, and then modify the disclosures under their own account.79
This approach is at least intuitively appealing because digital disclosure libraries could live on-chain or off-chain as an independent tool for increasing disclosure in the ecosystem. In either case, digital disclosure libraries could serve Web2 portals, as well as the landing pages of dapps and even Web3 tokens.
4.3 Disclosure DAOs
Digital disclosure libraries as mapped out above are ultimately attempts to make transparent, share, and build on individual efforts at innovating disclosure in the ecosystem. But it is not hard to also envision attempts to crowdsource input, and organize collective decision-making in a directed manner in order to advance the broader development and dissemination of disclosure standards and tokens.
Organizational efforts could take place on- and off-chain. But there is a practical value in integrating efforts in order to leverage and align interests among DeFi developers, investors and end users. From this standpoint, a crypto-native solution could include the creation of tax-exempt, nonprofit DAOs designed to promulgate disclosure frameworks, tokens and compliance tools.80 Along these lines, DAO governance could be structured whereby participants could vote on a spectrum of disclosure-related issues—from specific disclosures necessary for dapps to open-source model disclosures to standardized credentials for accessing regulated financial opportunities.81 Bylaws reflected in the DAO’s source code could meanwhile endow members with certain privileges. In some instances, members could be afforded the opportunity to vote on sample disclosure submitted by permissioned parties or DAO sponsors. Or alternatively, they could be permitted to submit their own disclosure principles or model disclosures for other members. In this second model, winning disclosures could be recognized with special NFTs that show up in a person’s profile, and help burnish professional reputations. Individuals who submit model disclosures that become popular could likewise be rewarded with a special NFT that affords developers with access to certain guilds or even decision-making processes within the DAO.
Although disclosure has not been the focus of any DAO as of this writing, there are countless examples of DAOs focused on governance and even policy standard setting both on- and off-chain. Other Internet, for example, operates as a decentralized applied research organization that studies and builds social technology for DeFi ecosystems.82 Working with other protocols, the DAO has collected the first cross-protocol body of knowledge about off-chain governance practices, and advises protocols on ways in which off-chain governance practices and community building might be incorporated into software and on-chain activities.83 In contrast, Lobby3, a DAO launched by former Presidential candidate Andrew Yang, operates squarely in regulatory policy with the purpose of innovating advocacy and sustainable crypto policy off-chain.84 Similar to the disclosure DAO concept introduced here, community members contribute ideas to vote on where the community stands and voice their opinion as to how DAO resources should be directed. They also can propose and vote on guests they would like to invite to community events. Policy proposals approved by the DAO are then used as priority guidance for lobbying on issues concerning DAO policy.85 Lobby3 members vote on the basis of a token purchase (1 token = 1 vote), though in principle weighted voting mechanisms can be used to balance varying corporate, nonprofit, and governmental interests.
Many other forays are underway aiming to crowdsource operational and technical standards,86 and will follow, but disclosure DAOs would present obvious focal points for policy and even compliance-driven experimentation. DAOs enable community-building for voter-stakeholders sharing similar values or expertise, and off-chain guilds and associations of disclosure specialists could be readily coordinated under a decentralized infrastructure. DAOs also possess features that not only help facilitate idea-sharing, but also help optimize it. For example, although DAOs do not inherently make reaching group consensus easier (though they do avoid expensive proxy-related processes common in corporate voting87), they do aspire to foster trust and collaboration within the organization, and even professional reputations.88 By conducting and recording votes on a blockchain, DAOs can implement automated voting procedures that exhibit considerable transparency—which might be attractive where self-interested parties may participate—while minimizing opportunities for contested decision-making, fraudulent behavior, or simple mistake.89 DAOs also enable means of exit similar to that found in capital markets, such as “rage quitting,” where members have a call on all portions of contributed assets if a DAO no longer serves a given member’s purpose.90 And in the instances where they no longer can serve their purpose, they can be dissolved, and new DAOs spun out to continue the work with new configurations of stakeholders and participants.
4.4 Decentralized Disclosure: Beyond NFTs
NFTs are a relatively obvious starting point for thinking through compliance due to visibility and programmability. But for the sake of completeness, it is worth underscoring that other disclosure building blocks may be possible that could operate both on- and off-chain, which may prove to be especially interesting avenues for upgrading compliance and user experience. Perhaps the most relevant here is that category of solutions leveraging Decentralized Identifiers (or “DIDs”). Under this model, public keys could be anchored to a blockchain to provide the immutable foundation for off-chain credentials that comply with standards being defined by a relevant standard setting community (e.g., Decentralized Identity Foundation (“DIF”) and World Wide Web Consortium Credentials Community Group (“W3C”)).91
A Decentralized Identifier at its simplest is a text string that associates a person or entity with a set of data, called a DID document, describing a person or entity.92 These data include information like cryptographic public keys, verification methods, and means of communication or interacting with the individual, as well as associated network addresses, like HTTP URLs, which operate on behalf of the person or entity.93 The DID document then serves as the means of authentication for the subject of the Decentralized Identifier, and the foundation for trustable interactions associated with that subject.94
In theory, a Decentralized Identifier system for disclosure, or disclosure DID, could be applied to DeFi disclosure systems with a similar administrative loop. As with NFT tokens, after reading disclosure, and engaging in a game or test of comprehension, a credential could be minted by a validating site or network to substantiate the successful engagement with the disclosure. That credential could then be held in a personal datastore controlled by the end user.
What would differentiate disclosure DIDs from NFTs is the credential in a DID framework. As opposed to an NFT serving in effect as the credential, here credentials would be stored off-chain in a digital wallet, and the only data on-chain would be the disclosure DID and a hash pointing to the credential ensuring data privacy. Credentials would also be built on open-source standards compliant with frameworks set by decentralized identity standard setters (e.g. DIF, W3C) to ensure interoperability with other decentralized identity applications. In theory, disclosure engagement credentials could thus be combined with other kinds of credentials issued and used to prove identity claims for any number of compliance use cases, from AML/KYC verification, to validating accredited investor status. However, unlike NFTs, which for the most part live on the popular Ethereum blockchain and provide easy ports for engineering engagement on-chain, disclosure DIDs would operate on comparatively siloed and competing member-supported networks, with as of yet much less familiarity with the public. To bridge the gap, developers could conceivably adopt hybrid NFT-DID strategies, like embedding disclosure DIDs in NFTs.
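To make the on-chain hash and off-chain credential split described above concrete, the following sketch is added here as an illustration; it is not drawn from the Article or from any DIF or W3C specification. The registry dictionary, field names, random salt, and sample DID are assumptions; the salt is included because every other field of such a credential is public or guessable, so an unsalted hash would let any chain observer confirm who passed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data: the DID and both disclosure texts are placeholders.
SUBJECT_DID = "did:example:alice"
DISCLOSURE_V1 = "Risk disclosure v1: deposits may be lost if the contract is exploited."
DISCLOSURE_V2 = "Risk disclosure v2: deposits and accrued yield may be lost."


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def commitment(credential: dict) -> str:
    """Hash of a deterministic JSON encoding; the only value placed on-chain."""
    encoded = json.dumps(credential, sort_keys=True, separators=(",", ":"))
    return sha256_hex(encoded.encode())


def issue_credential(subject_did, disclosure_text, passed, salted=True):
    """Validator side: build the off-chain credential and its on-chain hash."""
    credential = {
        "subject": subject_did,
        "disclosure_sha256": sha256_hex(disclosure_text.encode()),
        "comprehension_test_passed": passed,
        # Assumed hardening: a random salt hides the low-entropy fields above.
        "salt": secrets.token_hex(16) if salted else "",
    }
    return credential, commitment(credential)


def verify_credential(registry, credential, current_disclosure):
    """Relying party: check a wallet-held credential against the anchored hash."""
    anchored = registry.get(credential.get("subject"))
    if anchored is None:
        return "no anchor for this DID"
    if not hmac.compare_digest(anchored, commitment(credential)):
        return "credential does not match anchored hash"
    if credential["disclosure_sha256"] != sha256_hex(current_disclosure.encode()):
        return "credential is for a superseded disclosure"
    if credential["comprehension_test_passed"] is not True:
        return "comprehension test not passed"
    return "ok"


def observer_can_guess(anchored, subject_did, disclosure_text):
    """Chain observer without the credential: try every unsalted candidate."""
    for passed in (True, False):
        guess = {
            "subject": subject_did,
            "disclosure_sha256": sha256_hex(disclosure_text.encode()),
            "comprehension_test_passed": passed,
            "salt": "",
        }
        if hmac.compare_digest(anchored, commitment(guess)):
            return True
    return False


if __name__ == "__main__":
    cred, anchor = issue_credential(SUBJECT_DID, DISCLOSURE_V1, True)
    registry = {SUBJECT_DID: anchor}  # stand-in for the on-chain DID -> hash record
    print(verify_credential(registry, cred, DISCLOSURE_V1))
    print(verify_credential(registry, cred, DISCLOSURE_V2))
    print(observer_can_guess(anchor, SUBJECT_DID, DISCLOSURE_V1))
```

A production credential would additionally carry the issuer's signature, verified against the public key in the issuer's DID document; the hash anchor alone proves integrity, not who issued it.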
4.5 The Regulatory Charge
The ideas are, of course, ideas, and only that. The motivation of this Article as such has been modest: to both inspire and catalyze new, but not far-fetched brainstorming about not just the range of potential use cases for decentralized infrastructures, but for disclosure as well. And to do so in ways that can excite developers as much as policymakers—and highlight how disclosure systems can (and should) grow with technology instead of being superseded by it. Disclosure is both a public good and a private good for individuals who are actually using the technology. As such, it should be produced not merely to help allocate liability after the fact, but to also be read and empower investors and consumers navigating a fast-paced and often complex environment, and before problems arise.95
In a vacuum, private ordering could create incentives to experiment with any one of the crypto native solutions detailed above—whether it be disclosure NFTs, DAOs or DIDs. Proactive responses by developers and entrepreneurs could arise out of an interest to differentiate their services from others, or from an interest in mitigating potential liability under state fraud and consumer protection statutes.
But innovating compliance itself would still likely require or greatly benefit from regulatory engagement or, at a minimum, symbolic government support or encouragement. Regulators could bolster disclosure by modernizing and periodically reviewing and clarifying disclosure expectations in light of technology developments; supporting technology sprints aimed at innovating new compliance approaches; and even providing standards and oversight for emerging infrastructure providers like third party auditors of smart contract code and dapps in order to ensure the accuracy of information provided to retail investors and end users.96
That said, regulators are not in the business of innovating, and departures, however rational, from legacy technology stacks can generate natural unease in volatile times, political and economic. But regulators are in the business of pursuing their mandates and ensuring their systems continue to work effectively for the public in light of changing economic, market and technological developments.97 And to the extent to which regulators can provide support or incentives for early stage companies in ways that enable them to grow and thrive in ways that help regulators themselves fulfill their legislative mandates even more effectively than in the past, they should.
The mere presence of regulators working head on with industry on both expectations and a modern compliance toolset would also likely help catalyze interest among engineers and developers in building tools that could quite literally redefine and even improve core practice areas (like “disclosure”) in ways more suitable to the digital economy, and in the interests of the investors and consumers who navigate them.98 Regulators possess in their essential rule-making and enforcement powers awesome powers to motivate private responses beyond the capacity of the state.99 But “regulatory excellence” is not undertaken in a vacuum.100 Rigorous, mission-oriented engagement with a technology’s risks and opportunities of whatever stripe or tenor can, when properly informed, not only help prevent market abuse and actors from falling afoul of regulatory expectations; it can also inspire the next generation of engineers and developers to shore up deficiencies as well as explore the as-yet to be fully developed use cases of the technology with which they have expertise. This Article has offered several paths in that direction.