INX made history last year with the first-ever public offering of a digital security registered with the SEC.
That move by the blockchain-based service for trading cryptocurrencies and digital assets was a big deal at the time: The SEC has had a reputation for being particularly tough on crypto, and companies have long complained that the agency hasn’t put out clear rules for how they should operate. This was highlighted by legal disputes between the SEC and players like Coinbase and Ripple.
General Counsel Cathy Yoon said INX’s IPO was a triumph for a company whose CEO, Shy Datika, wanted to “issue something digital without having the SEC come after me,” she told Protocol. INX did it by working closely with the SEC and doing everything by the book, a process Yoon described as “a 950-day journey” with the regulator.
But Yoon offers this advice to crypto companies: Waiting for the SEC’s blessing isn’t always the smart move.
“My biggest concern is that companies will go to the SEC or other regulators with the idea that if you can get permission before you do it, that you're going to be OK,” Yoon said.
Yoon elaborated on how she thinks crypto companies should deal with the SEC in an interview with Protocol. She also talked about what to expect in the coming regulatory battles over crypto, why she’s unimpressed both with SEC Chairman Gary Gensler and Coinbase’s proposal for a separate crypto regulator, and her misgivings about a plan for a digital dollar.
This interview has been edited for brevity and clarity.
This is expected to be a big year in crypto regulation. What do you see on the horizon?
I have a lot of optimism for this space. But I think from a regulatory perspective, especially in the United States, the regulatory clarity that everyone is looking for, we're probably not going to get it this year. It really hurts me to say this, because I think we're all fighting the good fight. I think everyone in the space understands now that education is a large part of what we do in our day to day.
Chair Gensler has reached out to Congress for additional supervisory powers, but even if he gets them, I really don't know if he's going to put the SEC on the line to come out with kind of bright-line rules and regulations. Because if something goes wrong, people are going to blame the SEC, saying, “You let this happen on your watch.” I think that's just something that people need to be mindful of.
When Gensler took on the job, many expected him to be a breath of fresh air given his knowledge of blockchain and crypto. How do you view his performance?
I was a little hesitant and skeptical about his appointment. And it's only because I have former colleagues who worked with Gensler when he was at the CFTC. They didn't think that his approach to the way he ran that agency was going to fit in well with a more progressive, open-minded view that we would hope from the SEC chair.
He really had to carry the line that Chair [Jay] Clayton started because as an agency, you don't want to flip-flop. You don't want to step back from your predecessor’s views. He very much agreed with Chair Clayton that every token that he sees looks like a security, and that line has not changed.
He's going a step further. Now he's saying that exchanges are trading platforms that facilitate the trading of these cryptocurrencies. He’s also saying they need to fall under the securities laws and registration.
Is there anything that you see as positive or promising in Gensler’s term?
Do I have to answer? Is that telling in and of itself? If there could be certain instances where it's shown to be a positive move to go and speak with the SEC, to see if there's some movement, I think then it'd be like, “Yes.”
What is your biggest worry on the regulatory front this year?
My biggest concern is that companies, projects and founders will go to the SEC or other regulators with the invitation, “Come speak with us,” with the idea that if you can get permission before you do it, that you're going to be OK.
But in order to get to the place where you go to the SEC with your proposal, you've already [spent] a lot of money. You have to build the team. You have to build the tech. You've incurred legal fees, auditing fees. [Maybe] the SEC is going to make a good-faith effort and try to help you find a solution. But that might take 18 months. If you're pre-revenue, how are you going to survive for 18 months while waiting for the SEC?
What allegedly happened with Coinbase when they went to speak with them — I only know Coinbase’s side — but they were served with a Wells notice. There would be potential enforcement action based on that meeting. Why would anyone go speak with the SEC if that's a potential outcome?
My approach is: I have a pretty good understanding of the existing rules and regulations. I’m a pretty smart lawyer. I’ve been doing this for a while. I think I can make a good-faith effort or attempt to look a regulator in the eye and say, “You know what, I'm not going to ask for permission. These are the current rules and regulations, and this is how I'm going to steer my company to do things.”
I'm not going to wait. I'm going to make sure that we try to bring revenue in the door and survive. And I'm hoping that approach will work. Instead of being shut down, [the regulator would say,] “We understand why you did it. We don't like why you did it this way. So maybe you can do it this way.”
I think that would be the better approach. My fear right now is that it doesn't seem to me that the SEC, even if you went to them, would even be able to work with you to come out with a workable solution. So why are you going to wait when you can do things in a compliant manner, put something down and give the SEC something to work with?
As an operating company, I juggle every day: How much do I go and try to help move my company forward without asking for permission? What is that risk profile? Or do I stop everything and ask for permission? My biggest concern is that people will stop everything.
In your view, that’s the better approach given the climate...
I feel like it's the only approach, because from what we have seen, the SEC hasn't been able to come up with any solution to move anyone forward.
This is not legal advice. I'm not telling people to go out there and kind of push things through. But I'm just saying that I think there needs to be a balance. Companies, whether or not they're going to be revenue-generating, it shouldn't be because they're waiting for the SEC to learn enough to make a determination. It should be the market determining whether or not they like the product.
Some crypto institutions have presented proposals for how to regulate them. One of them came from Coinbase, which has called for the creation of a separate regulator for crypto. What do you think of that idea?
The SEC has said over and over again that they are technology-neutral, they are not regulating technology. For these companies to ask for a separate standalone regulator specific for our technology — that, to me, is stupid.
I mean, how do you argue that a regulator is not being technology-neutral and then you want a regulator specifically for this technology? For me, the bigger-picture issue is not regulating blockchain or crypto or digital assets. It really is to be able to find a way to get regulators up to speed, to educate themselves. This isn't the only emerging technology that we're going to face. Ten years from now, it might not be blockchain. It might be some derivative of it or something else.
So regulators, for me, need to be able to understand and shift and pivot to see the bigger picture when it comes to emerging technology and what it means for our capital markets, efficient markets, protection of investors. I think having a standalone regulator might help us today. But I think we as a space need to be a little bit more responsible and have some foresight, and think about what this is going to mean for the next stage.
Who would you like to take the lead in this?
I think there are lanes for a reason. The tricky part is that the current rules and regulations all regulate intermediaries. What happens when you have protocols or systems or processes that remove those intermediaries? You've now removed the very subject of rules and regulations.
Right now, broker-dealers are intermediaries, so [do] the rules and regulations actually deal with them, or they deal with an issuer or they deal with a bank?
Say you have a tungsten cube and I want to buy it from you. You and I, over Zoom, can say, “For $100, you can have my tungsten cube.” And I'll just send you a Zelle, Venmo or whatever. That transaction isn't regulated.
But if you post it on eBay or something else, and then you start using their fiat on-ramps to help settle it, they’re regulated because they want to make sure that you're not selling something fraudulent. The bank that gets attached to it, they have the obligation to do KYC and AML on you to make sure that you're not money laundering.
That's where the intermediaries come in and that's where the rules and regulations come in.
What do you think of the plan to introduce a U.S. digital dollar?
I'm of two minds when it comes to CBDC. Going back to the same transaction where if I want to lend you $1, no one knows. It's just between us. Once you have a CBDC, it's attached to your identity. All of a sudden, that anonymous transaction where I could lend you $1 without anyone else knowing but us, everyone knows.
Isn't that a good thing?
I guess it depends. If you want me to lend you 10 bucks because you want to buy your significant other something, but you have a joint bank account and you want to keep it a secret, why should everyone know? My whole issue with Venmo in the beginning was that everyone could see that I was paying someone back for my share of dinner.
My little sister — she's 19 years younger than I am — she’s used to broadcasting everything that she does. In terms of privacy, it's not a big part of things. But for me, privacy has always been very, very important. I don't know. Maybe I have an old-fashioned way of looking at things. That's why CBDCs scare me.
When I was 16 or 17, I went to my local branch to open a bank account. I showed my ID. I got a bank card. I had to go to the teller before ATMs were around. That's how I did my banking transactions.
When I got my first ATM card, I was able to take money out but I was scared to put money in because I was like, “Where's my money going?” By the time mobile banking came around, I was like, “This is amazing. I don't have to go to the teller. I don't have to do anything.”
Now you have entire generations where they have apps. You're able to open some sort of savings account. You attach it to a cash management account. No brick and mortar. You're putting all this information out there. So maybe we've shifted to where it's more convenient and less privacy. This is a long way of saying I think there are pros and cons of CBDCs.
Can you talk about how you first got exposed to crypto?
I heard about bitcoin for the first time, I think, in 2014. And I hate to admit it, but I dismissed it off the bat. I was just like, I don't understand it — hashing, cryptography and all this other stuff. So I dismissed it.
In 2016, I was at Bank of New York Mellon. At this point, Dodd-Frank was in full effect. We’re no longer allowed to grow via acquisition. The whole concept of "too big to fail" was not something that the government wanted us to have as part of our lexicon. I was an M&A lawyer doing mergers and acquisitions for a large financial institution. For someone who was suddenly not able to do it, I had a midlife crisis, or an identity crisis.
So I was trying to figure out, well, what can I do with my skills? And so I pivoted internally and started working on the bank’s minority investments and fintech companies, accelerators and incubators. Then I pivoted to looking at the bank's enterprise blockchain consortium deals. It was at that point that I learned about [distributed ledger technology] and the technology underlying bitcoin.
I didn't even bother to understand the technology when I first learned about bitcoin. Then when I kind of learned about it and what the potential use cases could be, I said, well, I don't want to be stuck doing it on the enterprise side. I really want to dig into some of the use cases. In 2017, I left my very comfortable, boring job and jumped headfirst into startup life to just learn as much as possible. And I haven't looked back since.
This was Genesis Block, a blockchain advisory firm. For the first time, I was really able to dig in and take all the experiences I've had and to really apply it to try to build something. For the first time in a very long time, I enjoyed practicing law again. And I got over my fear of public speaking as well.