Marketplaces for buying, selling, and trading crypto tokens serve diverse users, from sophisticated cypherpunks to casual retail customers. Some marketplaces provide intuitive onramps to the crypto ecosystem, allowing users to purchase cryptocurrencies with fiat money. Others provide technical infrastructure for decentralized finance, or “DeFi,” enabling permissionless, disintermediated global transactions.

Crypto marketplaces can be either decentralized protocols composed of code (decentralized exchanges, or “DEXs”) or centralized projects reliant on intermediaries (centralized exchanges, or “CEXs”). Likewise, crypto tokens can be decentralized, functioning as commodities, or centralized, exhibiting the characteristics of securities.1 The crypto ecosystem thus can be thought of as a two-by-two matrix consisting of both DEXs and CEXs for trading both crypto commodities and crypto securities (see Table 1).

This briefing paper focuses on decentralized exchanges and, in conjunction with Part II on centralized exchanges, proposes crypto marketplace regulatory policy sensitive to these distinctions. Together, these papers call on Congress to narrowly tailor rules to relevant risks by defining what it means to be a decentralized exchange, providing centralized crypto exchanges with practical paths to register with their respective regulators (e.g., the Securities and Exchange Commission [SEC] or the Commodity Futures Trading Commission [CFTC]), and making the registration of decentralized crypto token exchanges strictly voluntary.

Part I describes how bona fide DEXs mitigate by design many of the intermediary risks that traditional financial marketplace regulations seek to address, provides definitions for decentralized and decentralizing exchanges, and explains why DEX registration should be strictly voluntary. Part II describes centralized exchanges and proposes tailored registration and disclosure pathways for centralized and decentralizing crypto marketplaces.

These proposals support informed consumer choice among crypto marketplaces based on individuals’ needs, not legacy regulations that disserve entrepreneurs, developers, and users.

Background on Marketplaces and Their Regulation

Time-tested marketplaces for financial instruments have historically evolved private rules and norms before governments intervened.2 With respect to securities, the Buttonwood Agreement—named, according to legend, for the buttonwood tree where New York’s early stock traders informally met—was signed in 1792, forming one of the bases for the New York Stock Exchange (NYSE).3 Notably, most state securities laws exempted stocks listed on the NYSE, which already provided its own stricter rules.4 The federal Securities Act would not come until 1933, and the Securities Exchange Act until 1934. On the commodities side, the Chicago Board of Trade, incorporated in 1859, arose to help merchants regularize their trade and arbitrate disputes.5 From there, futures trading “emerged spontaneously” to mitigate the risks of commodity price volatility.6 A federal commodity futures law that passed constitutional muster would not come until the Grain Futures Act of 1922.7

Modern U.S. exchange regulations seek to address the “intermediary risks” posed by the middlemen that make up secondary markets for financial instruments.8 Regulations under the Commodity Exchange Act of 1936—as amended by the Commodity Futures Trading Commission Act of 1974—and the Securities Exchange Act of 1934 (Exchange Act) require, among other things, exchanges to register with and comply with the rules of their primary federal regulator (e.g., the CFTC or SEC) and to surveil and police members’ conduct.9 Although the SEC’s and CFTC’s approaches differ, they serve similar functions.10 Both seek to address risks related to asset custody, market transparency, market manipulation, and fraud. One core compliance responsibility imposed on marketplaces is to protect against members’ “trading abuses” and “price manipulation.“11 These include practices such as front running, wash trading, spoofing, and layering.12 The rationales for protecting against these practices are that they variously misappropriate protected information, fabricate transactions, violate duties to clients, or distort supply and demand signals.

Decentralized Crypto Marketplaces

The first cryptocurrency tokens were mined on January 3, 2009, with the Bitcoin Genesis Block.13 The first secondary market cryptocurrency transaction effectively took place nine days later when Bitcoin’s pseudonymous creator, Satoshi Nakamoto, sent 10 bitcoin to cryptographer Hal Finney.14 Bitcoin’s early trading was more buttonwood tree than NYSE, involving informal coordination between buyers and sellers using online forums and fintechs like PayPal.15 Early marketplaces followed, such as Bit​coin​mar​ket​.com (launched in 2010), which offered escrow trading and price data.16

DEXs, by contrast, leverage smart contracts—software programs stored at blockchain addresses that self-execute when specified conditions are met—to disintermediate crypto token exchange.17 Whereas centralized crypto exchanges are a continuation of traditional financial intermediation, decentralized crypto exchanges break with history, replacing intermediaries with open-source software.

While designs vary, in their purest form, DEXs decentralize core exchange services: custody, market making or order book matching, and settlement.18 DEXs allow users to self-custody their tokens with their preferred hardware or software wallets for storing the unique private keys that control users’ own blockchain addresses.19 DEXs employ different solutions to organize sales, including automated market maker (AMM) pools and on-chain order books.20 AMMs avoid order books entirely; instead of matching buyers and sellers, they incentivize the creation of standing liquidity pools composed of pairs of exchangeable tokens (e.g., USD Coin and Ether), the prices of which are determined automatically.21 On-chain order books match buyers and sellers, but unlike traditional exchanges, they host offers in smart contracts that make transactions transparent and do not rely on the good faith of intermediaries for execution.22

Fundamentally, DEX protocols cannot exchange fiat currency directly, only crypto tokens (including fiat currency–pegged stablecoins). DEXs composed of auditable smart contracts written in open-source code also are public by design. DEXs generally allow users to list their own tokens—provided the tokens’ underlying blockchain infrastructure is compatible with the relevant DEX smart contracts.23 While providers of certain front-end graphical user interfaces for DEX protocols can effectively delist certain tokens from their front ends, because DEX smart contracts are open-source and can be iterated upon, the choices of one front end do not determine the capabilities of an entire DEX protocol.24 In addition, DEXs can provide community governance rights, allowing holders of specialized tokens to propose and vote on changes to protocols.25

Addressing Intermediary Risks

Financial marketplace laws are designed to address intermediary risks. At a high level, these risks relate to custody (do intermediaries safeguard customer assets), market transparency (are transactions and trading practices publicly legible), and market manipulation (do unfaithful agents or fraudulent and deceptive practices harm market participants). CEXs and DEXs do not present these risks equally. For example, DEXs do not present the same custodial risks as CEXs, as pure DEXs do not custody the assets of users making trades.26 DEXs also operate in the open, settling transactions on public blockchains using auditable smart contracts.27 Therefore, subjecting bona fide DEXs to traditional regulation regarding asset custody and marketplace transparency would be inappropriate.28

DEXs are not immune, however, from manipulative trading strategies.29 But the relevant question for addressing this risk is what role DEXs play in creating vulnerability to it, as well as in preventing or remediating it. For example, “front running”—transacting in an asset with knowledge of a future transaction anticipated to affect that asset’s price—occurs on DEXs but not in the conventional form of exploiting nonpublic information (e.g., insider knowledge).30 Rather, on DEXs, front running typically is an artifact of certain users—not the protocol—taking advantage of public information, such as a database of transactions waiting to be recorded on a blockchain.31 Thus, front running is not appropriately regulated as an intermediary risk of DEXs.

Other types of users’ manipulative trading practices seeking to influence supply, demand, price signals, and, in some cases, exchange fee generation also can afflict DEXs, as can cybersecurity vulnerabilities.32 But the costs of mandating that DEXs take affirmative measures to address these risks exceed the benefits. For one, as described above, the public nature of blockchains means that DEXs need not be deputized to police activity on behalf of regulatory bodies that otherwise would have no market visibility. In addition, imposing a compliance regime designed for centralized intermediaries onto DEXs, such as mandates to maintain chief compliance officers, has the counterproductive consequence of reintroducing greater intermediary risk from active personnel. As discussed below, permitting, not constraining, rapid DEX iteration can improve consumer protection through competition.

A Framework for Crypto Marketplaces

Because centralized and decentralized exchanges present different risk profiles, regulations ought to be tailored accordingly.

Outright fraud should be prohibited regardless of the type of marketplace in which it occurs.33 Securities laws and regulations already address this problem, making it unlawful to defraud or make untrue statements or misleading omissions of material fact in connection with the purchase or sale of any security.34 The same is effectively true in the commodities context, where it is unlawful to intentionally or recklessly defraud or make any untrue or misleading statement or omission of material fact in connection with a contract of sale of any commodity in interstate commerce.35

Beyond anti-fraud authorities, however, applying legacy securities and commodity futures exchange rules to crypto marketplaces creates regulatory uncertainty and fails to distinguish between centralized and decentralized exchanges. To resolve this ambiguity and provide rules narrowly targeted to relevant risks, Congress should define decentralized and decentralizing exchanges; permit DEXs to voluntarily register with their relevant regulator—the CFTC for crypto commodities marketplaces and the SEC for crypto securities marketplaces; and, as described in Part II, provide practical registration pathways for centralized and decentralizing marketplaces (see Table 2).

Defining Decentralized Exchanges

To tailor rules to risks and not chill the development of decentralized marketplaces, Congress should define DEXs. The main criterion is whether no single person or unified group has discretionary control over the DEX protocol. Making this evaluation means considering both technical factors (e.g., whether the DEX is composed of open-source smart contracts) and agency factors (e.g., whether a DEX provider is making promises beyond mere code that the provider’s own performance is necessary for the DEX to operate or for DEX users to receive certain benefits).36 For example, Congress should amend the Securities Exchange Act at 15 U.S.C. Section 78c and the Commodity Exchange Act at 7 U.S.C. Section 1a to include the following:

Decentralized crypto [commodity/​security] exchanges mean any market places or facilities for purchasing, selling, or trading crypto [commodity/​security] tokens, where such market places or facilities:

(A) Are materially and substantially composed of permissionless, self-executing smart contracts written in publicly auditable, open-source code;

(B) Do not rely on custodial intermediaries;

(C) Allow for the continuous public retrieval of their transaction histories;

(D) Do not have outstanding, or possess on behalf of the market places or facilities, administrative privileges or tokens conferring protocol governance rights, such that any person or unified group maintains discretionary, decisive, and practical control over any final decision to substantially change the functionality of the market places or facilities. Notwithstanding the foregoing, ministerially implementing changes resulting from a non-discretionary governance process shall not be construed, without more, as evidence of such control; and

(E) Do not make to end users any implicit or explicit promises of performance, extrinsic to computer code, without which such decentralized crypto [commodity/​security] exchanges would not operate or produce their promised benefits. Notwithstanding the foregoing, representations over a front-end graphical user interface that do not materially differ from a reasonable articulation of the functionality of the exchange’s underlying software shall not be construed, without more, as such promises of performance.

Defining Decentralizing Exchanges

Decentralization may take time. As SEC Commissioner Hester Peirce explained regarding crypto tokens, applying registration requirements to decentralizing projects can create a “regulatory Catch 22” by, for example, inhibiting projects from distributing their tokens widely enough to achieve decentralization.37 Crypto exchanges can face similar challenges. To avoid this situation, exchanges on the path to decentralization should have their own tailored disclosure option, as further elaborated in Part II, allowing them to develop without undue compliance risk.

Accordingly, Congress should define decentralizing exchanges as those projects that satisfy the technical criteria for decentralized exchanges (e.g., that are noncustodial and composed of smart contracts) but do not yet satisfy the relevant agency criteria (e.g., where a unified group of material contributors maintains discretionary control over exchange functionality or is making promises of performance necessary for the exchange to exist). For example, Congress should amend 15 U.S.C. Section 78c and 7 U.S.C. Section 1a to include the following:

Decentralizing crypto [commodity/​security] exchanges mean any market places or facilities for purchasing, selling, or trading crypto [commodity/​security] tokens, where such market places or facilities satisfy subparagraphs (A) through (C) of the definition of “decentralized crypto [commodity/​security] exchanges” and are making material progress toward satisfying subparagraphs (D) and (E) thereof.

Voluntary Registration for DEXs

As described above, bona fide DEXs mitigate many intermediary risks by design. Where DEXs’ relevant risks are concerned, a competitive market should be allowed to supply users with the level of consumer protection they demand. To achieve that robust market, decentralized crypto commodities and crypto securities exchanges should be permitted to voluntarily register with the CFTC and SEC, respectively. Voluntary, as compared with mandatory, DEX registration recognizes the capacity of DEXs to address intermediary risks through technology; promotes innovation in DEX design, including consumer protections; is adapted to the rapid pace of DEX iteration; and provides a wide berth for DEX capabilities (e.g., openness and interoperability). Nonetheless, in a world where centralized exchanges register with regulators (as discussed in Part II), DEXs should be afforded the option to signal that their consumer protection capabilities satisfy regulatory standards to at least the same degree as those of centralized exchanges. Users then can choose their preferred marketplaces.

Optional registration allows for greater experimentation and innovation in technical solutions for protecting users. One problem in applying legacy regulations to DEXs is that their requirements are designed for centralized intermediaries, so the simplest way for a DEX to comply would be to reintroduce greater intermediation. Under a mandatory registration regime, disintermediated safeguards that are unfamiliar to regulators create additional compliance risk. Making registration optional, by contrast, allows DEXs to legally operate while introducing novel consumer protective technologies.

Optional DEX registration also promotes virtuous competition, as opposed to a race to the bottom. Requiring DEXs to demonstrate proactive policies for their marketplaces inadvertently disadvantages DEXs inclined to deter manipulative trading practices and advantages DEXs that are not so inclined. Because DEX protocols are written in open-source code, which allows developers to permissionlessly iterate on existing designs, DEXs face low natural barriers to entry. Whereas compliance-oriented DEXs would face heightened regulatory barriers under mandatory DEX registration, rogue DEXs could go to market immediately, capturing the benefits of network effects. Optional registration, however, lets consumer protection–oriented DEXs launch on competitive timelines without prior restraint.38

Last, voluntary DEX registration facilitates DeFi advances generally. Among the properties that make DeFi innovative are its permissionlessness (i.e., open-source code and standards make iterating on DEX protocols free from gatekeeping by intermediaries or intellectual property restrictions) and composability (i.e., modular and interoperable protocols can be integrated with other DeFi applications). This weighs in favor of voluntary DEX registration for two related but distinct reasons. First, mandatory registration makes a software application integrating DEX functionality a compliance risk, undermining the creative potential of the DeFi ecosystem.39 Second, the permissionless and composable nature of DEXs means their iteration almost certainly will outpace the writing of new rules or the invocation of exemptive authorities. Accordingly, optional DEX registration preserves the open and iterative nature of the DeFi ecosystem.

To allow DEX development and improvement, as well as DeFi’s creative dynamism, DEX registration ought to be strictly voluntary.

Conclusion

Regulations should be tailored to relevant risks and allow consumers to choose the marketplaces that best serve their needs. Subjecting disintermediated, decentralized exchanges to regulations designed for intermediaries is inappropriate and hinders free and open marketplace innovation. Therefore, Congress should define what it means to be a decentralized or a decentralizing exchange and offer an optional registration framework for decentralized crypto marketplaces.