Don’t wait for the SEC, a top crypto lawyer says

INX got SEC approval for a groundbreaking token sale. But companies need to weigh the risks of engaging with regulators, General Counsel Cathy Yoon argues.

Cathy Yoon

INX General Counsel Cathy Yoon is energized by the challenges of crypto.

Photo: INX

INX made history last year with the first-ever public offering of a digital security registered with the SEC.

That move by the blockchain-based service for trading cryptocurrencies and digital assets was a big deal at the time: The SEC has had a reputation for being particularly tough on crypto, and companies have long complained that the agency hasn’t put out clear rules for how they should operate. This was highlighted by legal disputes between the SEC and players like Coinbase and Ripple.

General Counsel Cathy Yoon said INX’s IPO was a triumph for a company whose CEO, Shy Datika, wanted to “issue something digital without having the SEC come after me,” she told Protocol. INX did it by working closely with the SEC and doing everything by the book, a process Yoon described as “a 950-day journey” with the regulator.

But Yoon offers this advice to crypto companies: Waiting for the SEC’s blessing isn’t always the smart move.

“My biggest concern is that companies will go to the SEC or other regulators with the idea that if you can get permission before you do it, that you're going to be OK,” Yoon said.

Yoon elaborated on how she thinks crypto companies should deal with the SEC in an interview with Protocol. She also talked about what to expect in the coming regulatory battles over crypto, why she’s unimpressed both with SEC Chairman Gary Gensler and Coinbase’s proposal for a separate crypto regulator, and her misgivings about a plan for a digital dollar.

This interview has been edited for brevity and clarity.

This is expected to be a big year in crypto regulation. What do you see on the horizon?

I have a lot of optimism for this space. But I think from a regulatory perspective, especially in the United States, the regulatory clarity that everyone is looking for, we're probably not going to get it this year. It really hurts me to say this, because I think we're all fighting the good fight. I think everyone in the space understands now that education is a large part of what we do in our day to day.

Chair Gensler has reached out to Congress for additional supervisory powers, but even if he gets them, I really don't know if he's going to put the SEC on the line to come out with kind of bright-line rules and regulations. Because if something goes wrong, people are going to blame the SEC, saying, “You let this happen on your watch.” I think that's just something that people need to be mindful of.

When Gensler took on the job, many expected him to be a breath of fresh air given his knowledge of blockchain and crypto. How do you view his performance?

I was a little hesitant and skeptical about his appointment. And it's only because I have former colleagues who worked with Gensler when he was at the CFTC. They didn't think that his approach to the way he ran that agency was going to fit in well with a more progressive, open-minded view that we would hope from the SEC chair.

He really had to carry the line that Chair [Jay] Clayton started because as an agency, you don't want to flip-flop. You don't want to step back from your predecessor’s views. He very much agreed with Chair Clayton that every token that he sees looks like a security, and that line has not changed.

He's going a step further. Now he's saying that exchanges are trading platforms that facilitate the trading of these cryptocurrencies. He’s also saying they need to fall under the securities laws and registration.

Is there anything that you see as positive or promising in Gensler’s term?

Do I have to answer? Is that telling in and of itself? If there could be certain instances where it's shown to be a positive move to go and speak with the SEC, to see if there's some movement, I think then it'd be like, “Yes.”

What is your biggest worry on the regulatory front this year?

My biggest concern is that companies, projects and founders will go to the SEC or other regulators with the invitation, “Come speak with us,” with the idea that if you can get permission before you do it, that you're going to be OK.

But in order to get to the place where you go to the SEC with your proposal, you've already [spent] a lot of money. You have to build the team. You have to build the tech. You've incurred legal fees, auditing fees. [Maybe] the SEC is going to make a good-faith effort and try to help you find a solution. But that might take 18 months. If you're pre-revenue, how are you going to survive for 18 months while waiting for the SEC?

What allegedly happened with Coinbase when they went to speak with them — I only know Coinbase’s side — but they were served with a Wells notice. There would be potential enforcement action based on that meeting. Why would anyone go speak with the SEC if that's a potential outcome?

My approach is: I have a pretty good understanding of the existing rules and regulations. I’m a pretty smart lawyer. I’ve been doing this for a while. I think I can make a good-faith effort or attempt to look a regulator in the eye and say, “You know what, I'm not going to ask for permission. These are the current rules and regulations, and this is how I'm going to steer my company to do things.”

I'm not going to wait. I'm going to make sure that we try to bring revenue in the door and survive. And I'm hoping that approach will work. Instead of being shut down, [the regulator would say,] “We understand why you did it. We don't like why you did it this way. So maybe you can do it this way.”

I think that would be the better approach. My fear right now is that it doesn't seem to me that the SEC, even if you went to them, would even be able to work with you to come out with a workable solution. So why are you going to wait when you can do things in a compliant manner, put something down and give the SEC something to work with?

As an operating company, I juggle every day: How much do I go and try to help move my company forward without asking for permission? What is that risk profile? Or do I stop everything and ask for permission? My biggest concern is that people will stop everything.

In your view, that’s the better approach given the climate...

I feel like it's the only approach, because from what we have seen, the SEC hasn't been able to come up with any solution to move anyone forward.

This is not legal advice. I'm not telling people to go out there and kind of push things through. But I'm just saying that I think there needs to be a balance. Companies, whether or not they're going to be revenue-generating, it shouldn't be because they're waiting for the SEC to learn enough to make a determination. It should be the market determining whether or not they like the product.

Some crypto institutions have presented proposals for how to regulate them. One of them came from Coinbase, which has called for the creation of a separate regulator for crypto. What do you think of that idea?

The SEC has said over and over again that they are technology-neutral, they are not regulating technology. For these companies to ask for a separate standalone regulator specific for our technology — that, to me, is stupid.

I mean, how do you argue that a regulator is not being technology-neutral and then you want a regulator specifically for this technology? For me, the bigger-picture issue is not regulating blockchain or crypto or digital assets. It really is to be able to find a way to get regulators up to speed, to educate themselves. This isn't the only emerging technology that we're going to face. Ten years from now, it might not be blockchain. It might be some derivative of it or something else.

So regulators, for me, need to be able to understand and shift and pivot to see the bigger picture when it comes to emerging technology and what it means for our capital markets, efficient markets, protection of investors. I think having a standalone regulator might help us today. But I think we as a space need to be a little bit more responsible and have some foresight, and think about what this is going to mean for the next stage.

Who would you like to take the lead in this?

I think there are lanes for a reason. The tricky part is that the current rules and regulations all regulate intermediaries. What happens when you have protocols or systems or processes that remove those intermediaries? You've now removed the very subject of rules and regulations.

Right now, broker-dealers are intermediaries, so [do] the rules and regulations actually deal with them, or they deal with an issuer or they deal with a bank?

Say you have a tungsten cube and I want to buy it from you. You and I, over Zoom, can say, “For $100, you can have my tungsten cube.” And I'll just send you a Zelle, Venmo or whatever. That transaction isn't regulated.

But if you post it on eBay or something else, and then you start using their fiat on-ramps to help settle it, they’re regulated because they want to make sure that you're not selling something fraudulent. The bank that gets attached to it, they have the obligation to do KYC and AML on you to make sure that you're not money laundering.

That's where the intermediaries come in and that's where the rules and regulations come in.

What do you think of the plan to introduce a U.S. digital dollar?

I'm of two minds when it comes to CBDC. Going back to the same transaction where if I want to lend you $1, no one knows. It's just between us. Once you have a CBDC, it's attached to your identity. All of a sudden, that anonymous transaction where I could lend you $1 without anyone else knowing but us, everyone knows.

Isn't that a good thing?

I guess it depends. If you want me to lend you 10 bucks because you want to buy your significant other something, but you have a joint bank account and you want to keep it a secret, why should everyone know? My whole issue with Venmo in the beginning was that everyone could see that I was paying someone back for my share of dinner.

My little sister — she's 19 years younger than I am — she’s used to broadcasting everything that she does. In terms of privacy, it's not a big part of things. But for me, privacy has always been very, very important. I don't know. Maybe I have an old-fashioned way of looking at things. That's why CBDCs scare me.

When I was 16 or 17, I went to my local branch to open a bank account. I showed my ID. I got a bank card. I had to go to the teller before ATMs were around. That's how I did my banking transactions.

When I got my first ATM card, I was able to take money out but I was scared to put money in because I was like, “Where's my money going?” By the time mobile banking came around, I was like, “This is amazing. I don't have to go to the teller. I don't have to do anything.”

Now you have entire generations where they have apps. You're able to open some sort of savings account. You attach it to a cash management account. No brick and mortar. You're putting all this information out there. So maybe we've shifted to where it's more convenient and less privacy. This is a long way of saying I think there are pros and cons of CBDCs.

Can you talk about how you first got exposed to crypto?

I heard about bitcoin for the first time, I think, in 2014. And I hate to admit it, but I dismissed it off the bat. I was just like, I don't understand it — hashing, cryptography and all this other stuff. So I dismissed it.

In 2016, I was at Bank of New York Mellon. At this point, Dodd-Frank was in full effect. We’re no longer allowed to grow via acquisition. The whole concept of "too big to fail" was not something that the government wanted us to have as part of our lexicon. I was an M&A lawyer doing mergers and acquisitions for a large financial institution. For someone who was suddenly not able to do it, I had a midlife crisis, or an identity crisis.

So I was trying to figure out, well, what can I do with my skills? And so I pivoted internally and started working on the bank’s minority investments and fintech companies, accelerators and incubators. Then I pivoted to looking at the bank's enterprise blockchain consortium deals. It was at that point that I learned about [distributed ledger technology] and the technology underlying bitcoin.

I didn't even bother to understand the technology when I first learned about bitcoin. Then when I kind of learned about it and what the potential use cases could be, I said, well, I don't want to be stuck doing it on the enterprise side. I really want to dig into some of the use cases. In 2017, I left my very comfortable, boring job and jumped headfirst into startup life to just learn as much as possible. And I haven't looked back since.

This was Genesis Block, a blockchain advisory firm. For the first time, I was really able to dig in and take all the experiences I've had and to really apply it to try to build something. For the first time in a very long time, I enjoyed practicing law again. And I got over my fear of public speaking as well.


To clear the FTC, Microsoft’s Activision deal might require compromise

The FTC is in the process of reviewing the biggest-ever gaming acquisition. Here’s how it could change the Xbox business.

Will the Microsoft acquisition of Activision get through the FTC?

Image: Microsoft; Protocol

Microsoft’s planned acquisition of Activision Blizzard is the largest-ever deal in the video game market by a mile. With a sale price of $68.7 billion, the deal is nearly 450% larger than Grand Theft Auto publisher Take-Two Interactive’s acquisition of Zynga in January, the next-largest game acquisition ever recorded.

The eye-popping price underlines the scale and scope of Microsoft’s ambitions for its gaming business: If the deal is approved, Microsoft would own — alongside its current major properties, such as Halo and Minecraft — Warcraft, Overwatch and Call of Duty, to name just a few. In turn, the deal has invited a rare level of scrutiny and attention from lawmakers and policy professionals now turning their sights on an industry that’s flown under the regulatory radar for the last several decades of its existence.

Keep Reading Show less
Nick Statt

Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at

Sponsored Content

Why the digital transformation of industries is creating a more sustainable future

Qualcomm’s chief sustainability officer Angela Baker on how companies can view going “digital” as a way not only toward growth, as laid out in a recent report, but also toward establishing and meeting environmental, social and governance goals.

Three letters dominate business practice at present: ESG, or environmental, social and governance goals. The number of mentions of the environment in financial earnings has doubled in the last five years, according to GlobalData: 600,000 companies mentioned the term in their annual or quarterly results last year.

But meeting those ESG goals can be a challenge — one that businesses can’t and shouldn’t take lightly. Ahead of an exclusive fireside chat at Davos, Angela Baker, chief sustainability officer at Qualcomm, sat down with Protocol to speak about how best to achieve those targets and how Qualcomm thinks about its own sustainability strategy, net zero commitment, other ESG targets and more.

Keep Reading Show less
Chris Stokel-Walker

Chris Stokel-Walker is a freelance technology and culture journalist and author of "YouTubers: How YouTube Shook Up TV and Created a New Generation of Stars." His work has been published in The New York Times, The Guardian and Wired.


Okta CEO: 'We should have done a better job' with the Lapsus$ breach

In an interview with Protocol, Okta CEO Todd McKinnon said the cybersecurity firm could’ve done a lot of things better after the Lapsus$ breach of a third-party support provider earlier this year.

From talking to hundreds of customers, “I've had a good sense of the sentiment and the frustrations,” McKinnon said.

Photo: David Paul Morris via Getty Images

Okta co-founder and CEO Todd McKinnon agrees with you: Disclosing a breach that impacts customer data should not take months.

“If that happens in January, customers can't be finding out about it in March,” McKinnon said in an interview with Protocol.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at


Ethereum's co-founder thinks the blockchain can fix social media

But before the blockchain can fix social media, someone has to fix the blockchain. Frank McCourt, who’s put serious money behind his vision of a decentralized social media future, thinks Gavin Wood may be the key.

Gavin Wood, co-founder of Ethereum and creator of Polkadot, is helping Frank McCourt's decentralized social media initiative.

Photo: Jason Crowley

Frank McCourt, the billionaire mogul who is donating $100 million to help build decentralized alternatives to the social media giants, has picked a partner to make the blockchain work at Facebook scale: Ethereum co-founder Gavin Wood.

McCourt’s Project Liberty will work with the Web3 Foundation’s Polkadot project, it said Tuesday. Wood launched Polkadot in 2020 after leaving Ethereum. Project Liberty has a technical proposal to allow users to retain their data on a blockchain as they move among future social media services. Wood’s involvement is to give the idea a shot at actually working at the size and speed of a popular social network.

Keep Reading Show less
Ben Brody

Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.


Gensler: Bitcoin may be a commodity

The SEC has been vague about crypto. But Gensler said bitcoin is a commodity, “maybe.” It’s the clearest glimpse of his views on digital assets yet.

“Bitcoin — maybe that’s a commodity token. That has a big market value, but that goes over there,” Gensler said, referring to another regulator, the CFTC.

Photoillustration: Al Drago/Bloomberg via Getty Images; Protocol

SEC Chair Gary Gensler has long argued that many cryptocurrencies are subject to regulation as securities.

But he recently clarified that this view wouldn’t apply to the best-known cryptocurrency, bitcoin.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at or via Google Voice at (925) 307-9342.

Latest Stories