Don’t wait for the SEC, a top crypto lawyer says

INX got SEC approval for a groundbreaking token sale. But companies need to weigh the risks of engaging with regulators, General Counsel Cathy Yoon argues.

Cathy Yoon

INX General Counsel Cathy Yoon is energized by the challenges of crypto.

Photo: INX

INX made history last year with the first-ever public offering of a digital security registered with the SEC.

That move by the blockchain-based service for trading cryptocurrencies and digital assets was a big deal at the time: The SEC has had a reputation for being particularly tough on crypto, and companies have long complained that the agency hasn’t put out clear rules for how they should operate. This was highlighted by legal disputes between the SEC and players like Coinbase and Ripple.

General Counsel Cathy Yoon said INX’s IPO was a triumph for a company whose CEO, Shy Datika, wanted to “issue something digital without having the SEC come after me,” she told Protocol. INX did it by working closely with the SEC and doing everything by the book, a process Yoon described as “a 950-day journey” with the regulator.

But Yoon offers this advice to crypto companies: Waiting for the SEC’s blessing isn’t always the smart move.

“My biggest concern is that companies will go to the SEC or other regulators with the idea that if you can get permission before you do it, that you're going to be OK,” Yoon said.

Yoon elaborated on how she thinks crypto companies should deal with the SEC in an interview with Protocol. She also talked about what to expect in the coming regulatory battles over crypto, why she’s unimpressed both with SEC Chairman Gary Gensler and Coinbase’s proposal for a separate crypto regulator, and her misgivings about a plan for a digital dollar.

This interview has been edited for brevity and clarity.

This is expected to be a big year in crypto regulation. What do you see on the horizon?

I have a lot of optimism for this space. But I think from a regulatory perspective, especially in the United States, the regulatory clarity that everyone is looking for, we're probably not going to get it this year. It really hurts me to say this, because I think we're all fighting the good fight. I think everyone in the space understands now that education is a large part of what we do in our day to day.

Chair Gensler has reached out to Congress for additional supervisory powers, but even if he gets them, I really don't know if he's going to put the SEC on the line to come out with kind of bright-line rules and regulations. Because if something goes wrong, people are going to blame the SEC, saying, “You let this happen on your watch.” I think that's just something that people need to be mindful of.

When Gensler took on the job, many expected him to be a breath of fresh air given his knowledge of blockchain and crypto. How do you view his performance?

I was a little hesitant and skeptical about his appointment. And it's only because I have former colleagues who worked with Gensler when he was at the CFTC. They didn't think that his approach to the way he ran that agency was going to fit in well with a more progressive, open-minded view that we would hope from the SEC chair.

He really had to carry the line that Chair [Jay] Clayton started because as an agency, you don't want to flip-flop. You don't want to step back from your predecessor’s views. He very much agreed with Chair Clayton that every token that he sees looks like a security, and that line has not changed.

He's going a step further. Now he's saying that exchanges are trading platforms that facilitate the trading of these cryptocurrencies. He’s also saying they need to fall under the securities laws and registration.

Is there anything that you see as positive or promising in Gensler’s term?

Do I have to answer? Is that telling in and of itself? If there could be certain instances where it's shown to be a positive move to go and speak with the SEC, to see if there's some movement, I think then it'd be like, “Yes.”

What is your biggest worry on the regulatory front this year?

My biggest concern is that companies, projects and founders will go to the SEC or other regulators with the invitation, “Come speak with us,” with the idea that if you can get permission before you do it, that you're going to be OK.

But in order to get to the place where you go to the SEC with your proposal, you've already [spent] a lot of money. You have to build the team. You have to build the tech. You've incurred legal fees, auditing fees. [Maybe] the SEC is going to make a good-faith effort and try to help you find a solution. But that might take 18 months. If you're pre-revenue, how are you going to survive for 18 months while waiting for the SEC?

What allegedly happened with Coinbase when they went to speak with them — I only know Coinbase’s side — but they were served with a Wells notice. There would be potential enforcement action based on that meeting. Why would anyone go speak with the SEC if that's a potential outcome?

My approach is: I have a pretty good understanding of the existing rules and regulations. I’m a pretty smart lawyer. I’ve been doing this for a while. I think I can make a good-faith effort or attempt to look a regulator in the eye and say, “You know what, I'm not going to ask for permission. These are the current rules and regulations, and this is how I'm going to steer my company to do things.”

I'm not going to wait. I'm going to make sure that we try to bring revenue in the door and survive. And I'm hoping that approach will work. Instead of being shut down, [the regulator would say,] “We understand why you did it. We don't like why you did it this way. So maybe you can do it this way.”

I think that would be the better approach. My fear right now is that it doesn't seem to me that the SEC, even if you went to them, would even be able to work with you to come out with a workable solution. So why are you going to wait when you can do things in a compliant manner, put something down and give the SEC something to work with?

As an operating company, I juggle every day: How much do I go and try to help move my company forward without asking for permission? What is that risk profile? Or do I stop everything and ask for permission? My biggest concern is that people will stop everything.

In your view, that’s the better approach given the climate...

I feel like it's the only approach, because from what we have seen, the SEC hasn't been able to come up with any solution to move anyone forward.

This is not legal advice. I'm not telling people to go out there and kind of push things through. But I'm just saying that I think there needs to be a balance. Companies, whether or not they're going to be revenue-generating, it shouldn't be because they're waiting for the SEC to learn enough to make a determination. It should be the market determining whether or not they like the product.

Some crypto institutions have presented proposals for how to regulate them. One of them came from Coinbase, which has called for the creation of a separate regulator for crypto. What do you think of that idea?

The SEC has said over and over again that they are technology-neutral, they are not regulating technology. For these companies to ask for a separate standalone regulator specific for our technology — that, to me, is stupid.

I mean, how do you argue that a regulator is not being technology-neutral and then you want a regulator specifically for this technology? For me, the bigger-picture issue is not regulating blockchain or crypto or digital assets. It really is to be able to find a way to get regulators up to speed, to educate themselves. This isn't the only emerging technology that we're going to face. Ten years from now, it might not be blockchain. It might be some derivative of it or something else.

So regulators, for me, need to be able to understand and shift and pivot to see the bigger picture when it comes to emerging technology and what it means for our capital markets, efficient markets, protection of investors. I think having a standalone regulator might help us today. But I think we as a space need to be a little bit more responsible and have some foresight, and think about what this is going to mean for the next stage.

Who would you like to take the lead in this?

I think there are lanes for a reason. The tricky part is that the current rules and regulations all regulate intermediaries. What happens when you have protocols or systems or processes that remove those intermediaries? You've now removed the very subject of rules and regulations.

Right now, broker-dealers are intermediaries, so [do] the rules and regulations actually deal with them, or they deal with an issuer or they deal with a bank?

Say you have a tungsten cube and I want to buy it from you. You and I, over Zoom, can say, “For $100, you can have my tungsten cube.” And I'll just send you a Zelle, Venmo or whatever. That transaction isn't regulated.

But if you post it on eBay or something else, and then you start using their fiat on-ramps to help settle it, they’re regulated because they want to make sure that you're not selling something fraudulent. The bank that gets attached to it, they have the obligation to do KYC and AML on you to make sure that you're not money laundering.

That's where the intermediaries come in and that's where the rules and regulations come in.

What do you think of the plan to introduce a U.S. digital dollar?

I'm of two minds when it comes to CBDC. Going back to the same transaction where if I want to lend you $1, no one knows. It's just between us. Once you have a CBDC, it's attached to your identity. All of a sudden, that anonymous transaction where I could lend you $1 without anyone else knowing but us, everyone knows.

Isn't that a good thing?

I guess it depends. If you want me to lend you 10 bucks because you want to buy your significant other something, but you have a joint bank account and you want to keep it a secret, why should everyone know? My whole issue with Venmo in the beginning was that everyone could see that I was paying someone back for my share of dinner.

My little sister — she's 19 years younger than I am — she’s used to broadcasting everything that she does. In terms of privacy, it's not a big part of things. But for me, privacy has always been very, very important. I don't know. Maybe I have an old-fashioned way of looking at things. That's why CBDCs scare me.

When I was 16 or 17, I went to my local branch to open a bank account. I showed my ID. I got a bank card. I had to go to the teller before ATMs were around. That's how I did my banking transactions.

When I got my first ATM card, I was able to take money out but I was scared to put money in because I was like, “Where's my money going?” By the time mobile banking came around, I was like, “This is amazing. I don't have to go to the teller. I don't have to do anything.”

Now you have entire generations where they have apps. You're able to open some sort of savings account. You attach it to a cash management account. No brick and mortar. You're putting all this information out there. So maybe we've shifted to where it's more convenient and less privacy. This is a long way of saying I think there are pros and cons of CBDCs.

Can you talk about how you first got exposed to crypto?

I heard about bitcoin for the first time, I think, in 2014. And I hate to admit it, but I dismissed it off the bat. I was just like, I don't understand it — hashing, cryptography and all this other stuff. So I dismissed it.

In 2016, I was at Bank of New York Mellon. At this point, Dodd-Frank was in full effect. We’re no longer allowed to grow via acquisition. The whole concept of "too big to fail" was not something that the government wanted us to have as part of our lexicon. I was an M&A lawyer doing mergers and acquisitions for a large financial institution. For someone who was suddenly not able to do it, I had a midlife crisis, or an identity crisis.

So I was trying to figure out, well, what can I do with my skills? And so I pivoted internally and started working on the bank’s minority investments and fintech companies, accelerators and incubators. Then I pivoted to looking at the bank's enterprise blockchain consortium deals. It was at that point that I learned about [distributed ledger technology] and the technology underlying bitcoin.

I didn't even bother to understand the technology when I first learned about bitcoin. Then when I kind of learned about it and what the potential use cases could be, I said, well, I don't want to be stuck doing it on the enterprise side. I really want to dig into some of the use cases. In 2017, I left my very comfortable, boring job and jumped headfirst into startup life to just learn as much as possible. And I haven't looked back since.

This was Genesis Block, a blockchain advisory firm. For the first time, I was really able to dig in and take all the experiences I've had and to really apply it to try to build something. For the first time in a very long time, I enjoyed practicing law again. And I got over my fear of public speaking as well.


Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep ReadingShow less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep ReadingShow less
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep ReadingShow less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep ReadingShow less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.


Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep ReadingShow less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories