On Monday, Sam Bankman-Fried (“SBF”), the co-founder and former CEO of bankrupt cryptocurrency exchange FTX was arrested by Bahamian authorities following his indictment by a federal grand jury in the Southern District of New York. The collapse of FTX and charges against SBF—eight criminal counts, including wire fraud, conspiracy to commit commodities fraud, and conspiracy to commit securities fraud—have brought to the fore questions of how to regulate crypto exchanges in the U.S.

Congress raised these questions in a pair of hearings this week before the House Financial Services Committee and Senate Banking Committee. Jennifer Schulp testified yesterday before the Senate Banking Committee about the need for regulatory clarity for crypto exchanges; today we released a working paper offering our answers and proposing how Congress can provide such clarity for U.S. crypto marketplaces.

Exchanges for buying, selling, and trading crypto tokens serve a diverse range of users, from sophisticated cypherpunks to casual retail customers. Like crypto tokens themselves, the exchanges on which they trade can be either centralized projects reliant on human managers (centralized exchanges) or decentralized software protocols (decentralized exchanges, or “DEXs”) composed of self-executing smart contracts.

There are important distinctions to be drawn between centralized exchanges—of which FTX was one egregiously mismanaged example—and decentralized projects that seek to minimize the role of human financial intermediaries. Among their typical features, centralized crypto exchanges, like traditional banks and brokers, custody assets on customers’ behalf and maintain their own transaction records. On typical DEXs, by contrast, users self-custody their own crypto tokens and settle transactions on public, distributed ledgers.

Through the infamy of SBF’s FTX, the core risks of centralized exchanges—that managers can lie and steal—are now well-known. Bona fide DEXs seek to mitigate these classic intermediary risks through technology that takes asset custody and bookkeeping out of the hands of managers.

To be clear, DEXs carry their own risks—including complex (albeit public) transaction histories and cybersecurity vulnerabilities—and the choice to use them almost certainly will vary by a user’s needs and preferences. But, fundamentally, the risks of managers committing fraud are different from the risks of computer code containing bugs, and laws ought to treat them differently.

Therefore, we call on Congress to narrowly tailor crypto exchange legislation to relevant risks by clearly defining what it means to be a decentralized exchange; providing centralized crypto token exchanges with a practical path to register with their respective regulators (e.g., the Securities and Exchange Commission (SEC) or the Commodity Futures Trading Commission (CFTC)); and making such registration strictly voluntary for decentralized crypto token exchanges.

Regulatory Clarity for Crypto Marketplaces

When defining decentralized exchanges, the primary question is whether no single person or group has discretionary control of the DEX protocol. So, in essence, we propose that Congress amend both the Securities Exchange Act and Commodity Exchange Act to define decentralized crypto exchanges as those crypto trading marketplaces that are composed of open-source smart contracts, do not rely on custodial intermediaries, have public transaction histories, do not give any single person or group decisive, practical control over governance decisions, and do not make to end users promises of performance without which the exchange would not operate or provide its promised benefits.

For crypto exchanges that do not meet that definition—centralized exchanges—customers may reasonably question what standards the exchanges will apply for maintaining custody of customer assets, implementing cybersecurity safeguards, providing best price information, and protecting participants against fraudulent and deceptive trading practices. So far, however, U.S. regulators’ approach of making crypto exchange policy through ad hoc enforcement actions and vague public pronouncements has failed to provide a practical path for centralized crypto marketplaces to operate at scale without undue compliance risk. To overcome the chilling effect of unpredictable, impractical, and (at times) conflicting rules, lawmakers and regulators should provide a clear registration pathway for centralized crypto exchanges. For centralized crypto commodity exchanges, this means registering with the CFTC by, for example, disclosing the exchange’s policies related to asset custody, security, and fraud prevention. For centralized crypto securities exchanges, existing securities laws and rules covering broker-dealers ought to be revised to allow for the lawful operation of retail-facing marketplaces for crypto securities.

Where DEXs are concerned, a competitive market for exchanges should be allowed to supply users with the level of protection they prefer. DEXs should be afforded the option of voluntary registration as a way to signal that their consumer protections satisfy regulatory standards to at least the same degree as those of centralized exchanges. Optional, not mandatory, DEX registration, though, recognizes the capacity of DEXs to address intermediary risks through technology; promotes innovation in DEX design, including in providing consumer protections; embraces the rapid pace of DEX iteration; and makes room for DEXs’ key attributes—their openness and interoperability.

Speaking to lawmakers this week, John J. Ray III, the CEO hired to shepherd FTX through bankruptcy, stated that FTX’s mismanagement amounted to what “is really just old-fashioned embezzlement.” Such “old school” risks, to borrow Ray’s phrase, are no reason to ban—as some have proposed—either centralized or decentralized marketplaces for trading crypto tokens. In order to make the U.S. a hospitable jurisdiction for crypto users, exchanges, and developers, Congress should provide a regulatory framework that narrowly targets relevant risks and provides much needed regulatory clarity.