Remarks of Commissioner Brian Quintenz at the 38th Annual GITEX Technology Week Conference

October 16, 2018

Good morning. Thank you very much Matteo for that kind introduction. Before I begin, let me quickly say that the views I express today are my own and do not represent the views of the Commission. For those of you not familiar with the Commission’s mission, the CFTC is responsible for regulating the derivatives markets in the United States. As such, we have oversight authority over the futures and swaps market, including derivatives on commodity cryptocurrencies.

This is the first GITEX Technology Week Conference that I have had the pleasure of attending and I am delighted to be here with you today. I would especially like to thank the Dubai World Trade Centre for being such a generous and gracious host. This is a spectacular event and it is a fascinating conference.

While this is my first time at GITEX, it is not my first time in Dubai. I had the pleasure of visiting here for the first time in March earlier this year at the invitation of Saeb Eigner, the Chairman of the Dubai Financial Services Authority (DFSA). I first met Saeb in Washington, D.C. on a visit he made there almost a year ago exactly. Our conversation turned quickly from financial regulation to shared interests of art and fishing, and I am lucky to now consider him a friend. When he extended an invitation to meet him here, I readily accepted.

During that trip, I had the pleasure of meeting a number of senior leaders and government officials, including His Excellency Mohammad Al Gergawi, Minister of Cabinet Affairs and the Future of the United Arab Emirates, and His Excellency Essa Kazim, Governor of Dubai International Financial Centre. As the world looks forward to Expo 2020, let me say that Dubai will be the perfect host for such a wonderful event. It will give the world a chance to celebrate all that you have accomplished as well as look forward to all that you have yet to achieve.

One of the highlights of my trip last March had nothing to do with financial regulation; rather, it involved Saeb showing me around the enormous Art Dubai exposition. Saeb is an expert in Middle Eastern art, having written a famous book on the topic, and it was a joy to learn from him as we viewed brilliant works by Chaouki Choukini, Kourosh Shishegaran, Ben Bella, and Khaled Zaki. There was one exhibit that I remember distinctly, however, but mostly for the discussion it elicited. An artist group called teamLab [1] created a digital art piece presented through a video screen that evoked a living, moving water pond. Art by Algorithm, Saeb and I thought. Or was it? Could an algorithm actually be considered art? How easily could it be copied and reproduced, with or without the artists’ permission? What is it exactly that a purchaser owns – a computer program? As I looked at the piece, it was unquestionably artistic, but was it art work ?

I began reflecting on other art I had seen which contained distinct algorithmic components. A chandelier titled “Volume” by artist Leo Villareal displayed in the Renwick Gallery across from the White House in Washington, D.C. uses an algorithm to control its 23,000 different LED lights. According to an article describing the exhibit, “[i] t requires hours using his custom software to tune it, adjust it, and refine the light patterns to create the right brightness and tempo—part conductor, part programmer.”[2] During my tour of Bloomberg’s new London headquarters last year, one point of interest was a water feature installation by Spanish artist Cristina Iglesias, titled “Forgotten Streams,” with different water speeds and volumes controlled by an algorithm for various effects.

We are living during a period of large-scale technological advancement and adoption. These developments are challenging our current beliefs, as well as our current constructs. Just as my discussion with Saeb reflected the potential transition of artwork from the physical to the algorithmic, so too are discussions in financial markets and regulatory spheres reflecting a transition from the intermediated to the distributed, dis-intermediated environment of the internet-based blockchain world. How can our regulatory apparatus, built to register and oversee intermediaries, adequately police our markets and set standards for a disintermediated market?

A particular area of interest to me is how regulators apply existing legal paradigms to novel technologies not contemplated when those laws were adopted. In the past, the CFTC has supervised the derivatives markets through the registration of market intermediaries. For example, m uch of the CFTC’s regulatory structure for promoting market integrity and protecting customers revolves around the regulation of exchanges, swap dealers, futures commission merchants, clearinghouses, and fund managers. However, this supervisory framework is not applicable in the disintermediated world of blockchain, which raises several complex legal and policy issues. In the context of decentralized blockchains, like ethereum, on top of which multiple applications can run autonomously via smart contracts, it requires identifying who is responsible for ensuring that activity on the blockchain complies with the law.

Blockchain Smart Contracts

Before we go on, let’s review the key players essential to powering smart contracts on the blockchain.

First, there is the group of “core developers,” who write the foundational open-source software underlying the public blockchain. Typically, these “core developers” do not play an active role in managing the blockchain. However, they do tend to retain some responsibility for its ongoing operability. [3] For example, in the past, core developers of some chains have developed software updates to address bugs in the code or put forth solutions to address events, such as hackings, that may threaten the viability of the chain. [4]

Second, you have users – for example, individuals who own cryptocurrency, like bitcoin or ether, and use the blockchain to transact.

Next, in order to validate those transactions, “miners” bundle groups of transactions into blocks and solve a complex mathematical problem to arrive at a unique solution – a process called “hashing.” If a majority of the nodes on the chain confirm the miner’s solution, then the block is validated and added to the chain.

Some blockchain networks, like ethereum, allow smart contracts to be integrated into the chain. In brief, a smart contract is a computer code containing all terms of the contract and is self-enforcing – meaning the software can execute the terms of the contract without additional input from the parties. [5] Once the smart contract is formed on the ethereum network, it operates without further intervention. Some software developers have written code that allows users to create specific types of smart contracts that can be deployed on the blockchain. Once users download this application, they can easily find others using that same protocol willing to transact.

To recap, there are many actors essential to the functioning of the blockchain ecosystem: the core developers of the blockchain software, the developers of smart contract applications, miners that validate transactions, and users, who transact and execute smart contracts on the chain.

Smart contracts are easily customized and are almost limitless in their applicability. For example, a protocol could create smart contracts for flight insurance. If you were worried about a flight being late, you could check how much it would cost to buy insurance, and if you thought the price was reasonable, you could purchase the contract with cryptocurrency. Then, if your flight was late, the contract, by consulting public flight records, would automatically compensate you for the delay. Smart contracts could also be used to facilitate the sharing economy by enabling users to rent houses, cars, and other property.

Other protocols could create smart contracts that more closely resemble traditional financial products. For example, individuals who believe they have developed predictive data about future financial events, like a stock’s performance, could offer their data for purchase via smart contracts. Depending upon the facts and circumstances, this activity could present regulatory issues. It could look like providing investment advice, or, given the anonymity of the predictions, could be used nefariously to facilitate insider trading.

Other protocols could allow individuals to create their own smart contracts predicting future events more broadly. Essentially, these contracts would allow individuals to bet on the outcome of future events, like sporting events or elections, using digital currency. If your prediction is right, the contract automatically pays you the winnings. Again, depending on the facts and circumstances, this could look like what the CFTC calls a “prediction market,” where individuals use so-called “event contracts,” binary options, or other derivative contracts to bet on the occurrence or outcome of future events. In the past, the CFTC has generally prohibited prediction markets as contrary to the public interest, only permitting them in limited circumstances when it has found that they operate on a small-scale, non-profit basis, and serve academic purposes. [6]

As we just noted, there are innumerable types of smart contracts on the blockchain, many of which operate entirely outside of the CFTC’s jurisdiction. But, what steps should the CFTC take if it learns of a smart contract protocol that may implicate its regulations?

Applying Old Law to New Products

In my view, with respect to any smart contract protocol, the first step in the analysis is defining the basic nature of the contract. Is it a contract for sale or a rental agreement? Or, does it have the essential characteristics of a swap, future or option? If so, is the product accessible by U.S. persons? If the contract is a product within the CFTC’s jurisdiction, then regardless of whether it is executed via a written ISDA confirmation or software code, it is subject to CFTC regulation.

If the smart contract is within the CFTC’s jurisdiction, then the next question becomes, is the method by which it is being transacted on the blockchain compliant with CFTC regulations? If the contract is a swap, is it being offered to retail participants? Is it a product that must be traded on an exchange? Does the protocol itself perform exchange-like functions by facilitating trading, thereby potentially implicating registration requirements? These are all open questions that the CFTC must consider and resolve as smart contracts proliferate and perhaps become a common feature of our financial markets.

Now, let’s assume the CFTC has answered all of these questions for a particular smart contract it is examining. Let’s say the hypothetical product at issue is within our jurisdiction, but is not being executed in a manner compliant with CFTC rules. Who should be held responsible for this activity? How should the CFTC enforce its regulations against a software code, rather than a registered intermediary or an exchange? The answers to these questions are still being contemplated, but I have a few thoughts of my own that I would like to share and on which I would welcome feedback and discussion.

Let’s apply the general analytical framework I’ve described above to our earlier example of the “prediction market.” In this hypothetical, after performing a facts and circumstances analysis, the CFTC has determined that the smart contracts executed on the blockchain are binary options, which are within the CFTC’s jurisdiction. Binary options are a type of option whose payoff is either a fixed amount or zero. For example, there could be a binary option that pays $100 if the price of gold is above $1,200 per ounce on a specified date and zero otherwise.

Moreover, the contracts in our scenario likely qualify as event contracts that are based upon the occurrence or non-occurrence of an event (as opposed to a price of a commodity). Event contracts have a unique spot in CFTC jurisprudence because of the public policy concerns they raise. For example, event contracts based upon war, terrorism, assassination, or other similar incidents may be contrary to the public interest – in which case, the CFTC can prohibit an exchange from offering the contract. [7] Because of these concerns, as noted above, the CFTC has historically only authorized off-exchange trading in event contracts in limited circumstances, on specific types of events, for academic purposes, and with strict limits on the amounts retail customers can invest. [8] Therefore, the particular fact pattern described above – event contracts, executed in a potentially for-profit manner, between retail customers, on any conceivable event, for any sum of money – raises multiple CFTC regulatory concerns.

But who should be held accountable for this activity?

Enforcement on the Blockchain

One could look to the core developers of the underlying blockchain code. Without this foundational code, the smart contracts could never be executed. However, these core developers had no involvement in the development of the smart contract code. They invented a code upon which any number of applications can run and, in my view, it seems unreasonable to hold them accountable for every subsequent application that uses their underlying technology, without further evidence of knowledge or intent. They may not even be aware that this particular type of smart contract has been deployed.

Similarly, miners and general users of the blockchain are not in a position to know and assess the legality of each particular application on the blockchain. The anonymous, decentralized nature of the chain makes it difficult or even impossible for miners and users to monitor the activity of other miners and users.

That leaves us with the developers of the smart contract code that underlies these event contracts, as well as the individual users who then use that code to create and wager on their own event contracts. The developers of the code could claim that they merely created the protocol and therefore have no control over whether and how users choose to use it once it is part of the public domain. They would place the liability on the individual users, who are the actual creators and counterparties of the event contracts.

In my view, this analysis misses the mark. Instead, I think the appropriate question is whether these code developers could reasonably foresee, at the time they created the code, that it would likely be used by U.S. persons in a manner violative of CFTC regulations. In this particular hypothetical, the code was specifically designed to enable the precise type of activity regulated by the CFTC, and no effort was made to preclude its availability to U.S. persons. Under these facts, I think a strong case could be made that the code developers aided and abetted violations of CFTC regulations. [9] As such, the CFTC could prosecute those individuals for wrongdoing.

Think of someone asking you to borrow the keys to your car because they want to rob a bank. If you let them borrow your car, it would be reasonable for the government to hold you partially responsible for the ensuing criminal activity. However, it would be unreasonable for the government to prosecute the car manufacturer.

Enforcing CFTC regulations against those individuals does not immediately stop the activity from occurring, because individual users could continue to use the software to execute their own event contracts. What does the CFTC do then? The CFTC could attempt to raise awareness by U.S. participants that the activity is illegal. In addition, it could attempt to prosecute individual users of the contracts to discourage future participation. Ultimately, however, going after users may be an unsatisfactory, ineffective course of action. From a practical perspective, the blockchain is an anonymized, global network. It seems likely that determined users will be able to gain access.

The variability of international regulations also raises issues. For instance, although the CFTC heavily regulates trading in event contracts, other jurisdictions view them differently. In the United Kingdom, for example, event contracts are not viewed as financial instruments, but rather as a permitted form of wagering regulated by the Gambling Commission. And, although the United States permits binary options based on commodity prices, the European Union bans that very same type of product. [10] How then does the CFTC enforce its regulations on U.S. activity when the marketplace for that activity has become seamless, anonymized, and global? I do not have all the answers today, but I expect it may be an issue that the CFTC faces in the future, as public blockchains create international markets in which everyone wants to participate.

Engagement Instead of Enforcement

Yet, this outcome may be avoidable. Developers of smart contract code could also engage with CFTC staff to see if there is way the code’s product can comply with CFTC regulations. CFTC staff is open to engaging with innovators to understand new technological infrastructures and applications and to work to ensure these activities are undertaken in a manner compliant with the law. In some cases, it may be that new products require the Commission to rethink its existing regulations or provide regulatory relief – both courses of action that I think would be appropriate depending upon the technology in question.

It is for precisely this reason that CFTC Chairman Giancarlo created the LabCFTC group at the Commission. One of LabCFTC’s primary goals is to interface with the fintech community and other regulators to deepen the agency’s understanding of technological innovations and provide guidance to innovators about how CFTC regulations may be implicated by their work. In its first year of existence, LabCFTC has already held 200 meetings with innovators, fintech start-ups, and well-established financial players to engage on their views and innovations.

I would much rather pursue engagement than enforcement – but in the absence of engagement, enforcement is our only option.

Code as Law

This discussion leads me to my final point today. I have heard some say that “the code is law,” meaning that if the software code permits it, an action is allowed. I disagree with this fundamental premise. Case law, statutes, and regulations are the law. They apply to the code, just as they apply to other activities, contracts, or agreements.

But what about when the law’s applicability has yet to be tested? For example, in the case of a 51% attack, where one bad actor, or a coordinated group of bad actors, amass more than 51% of a blockchain’s computing power, so that they can insert their own false values and transactions into the system to steal cryptocurrency from other users. Or, take the example of The DAO, where users exploited a bug uncovered in the code and stole 3.6 million ether. In that instance, the perpetrator(s) argued strenuously that the action was not theft, but rather the rightful gains he or she earned by detecting and exploiting an error in the code. [11]

Technically, all the users on the blockchain are aware of the possible risks posed by a 51% attack or a bug in the code. By participating on the chain, are they knowingly assuming the risk of these incidents occurring? Or, is there an implicit agreement among participants on the blockchain that they will not take actions to undermine the operability and integrity of the blockchain? It is certainly possible that the software code does not represent the entirety of the participants’ agreement and must be interpreted in connection with traditional contract law concepts like good faith and fair dealing.

In addition, derivative or investment contracts are still subject to regulations, with the CFTC responsible for promoting the market integrity of the derivatives markets. In other words, a contract can’t say anything that it wants.

A recent market integrity issue in the credit default swap space provides an interesting example. The issue raised the possibility of a “manufactured default” – a scenario where a company would technically default on an obligation in a way that would benefit an outside party’s CDS holdings in exchange for favorable financing by that party to the company. While potentially valid under the terms of the written CDS contracts, such activity, especially if it were to become commonplace, would threaten the integrity of the CDS market. While I am strongly opposed to inserting the agency into private contract disputes, where market integrity is clearly threatened through widely adopted contract loopholes - such as arranged default scenarios or 51% attacks on a blockchain - I believe the CFTC could consider investigating such conduct for fraud or manipulation.

Conclusion

Smart contract applications on blockchain networks hold great promise. They have the potential to open up new markets and create efficiencies in existing ones. At the same time, they also raise novel issues of accountability that users and policy makers alike must consider.

In the course of my reading to prepare for this speech, I came across a quote from acclaimed American scientist, Carl Sagan, who stated, “[w]e live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.” Unfortunately, I think his observation has only grown truer with time. I am hopeful, however, that it does not apply to the U.S. Commodity Futures Trading Commission.

Our rapidly evolving technological landscape poses challenges for all of us. As such, I think it is incumbent upon regulators to continually educate ourselves on new technological developments, so that we can accurately evaluate their benefits and risks and develop appropriate policy responses.

Thank you for having me at this magnificent event. It is truly a pleasure to be with you.