DeFi and the “Digital Asset” Felony Hidden in the Infrastructure Bill

We’re very pleased to have our first DeCential guest contributor, Abraham Sutherland, writing about an issue that should be taken seriously by anyone involved in the cryptocurrency world. A lecturer at the University of Virginia School of Law, Sutherland’s research specializes in the regulation and taxation of cryptocurrencies. He was the U.S. Department of State’s rule of law adviser in northeast Afghanistan’s Kunar Province, near the Pakistan border, from 2009 to 2012. The issue Sutherland writes about is pending for a vote before the U.S. House of Representatives after passing the Senate. You can find out how to contact your Representative here to let them know what you think of the proposed amendment. Follow the links in the story to recent podcasts featuring Sutherland and articles about the issue to learn more. — Matthew Leising

There’s a proposal waiting for a final vote in Congress that is dangerous for digital asset industries. It requires certain transactions to be reported to the government -- and makes failure to report them a crime. It’s bad for all users of digital assets, but it’s especially bad for decentralized finance. The statute would not ban DeFi outright. Instead, it imposes reporting requirements that, given the way DeFi works, would make it impossible to comply. 

This is not the so-called “broker” provision that attracted public opposition when the infrastructure bill was waiting to be approved by the Senate. This is a separate provision, an amendment to tax code section 6050I, and it requires certain “recipients” of digital assets valued over $10,000 to report the sender’s name, address, and Social Security number to the government. 

The statute that’s being amended was written in 1984. It’s an unusual law -- it’s part of the tax code but it’s not really a tax provision. First, unlike all other IRS information reporting requirements, violations here are felonies. Second, it does not simply add a reporting burden to intermediaries already in the business of collecting and storing customer data, such as stock brokers or centralized cryptocurrency exchanges. It applies to all businesses -- which can include individuals. In fact, the only businesses that are exempt from section 6050I are banks and financial institutions. 

Primary targets

Businesses are the ones that must file the report with the government, but the law’s primary targets are the users of cash (and now, digital assets) whose personal information gets reported. In short, section 6050I is an anti-crime law, and the government uses the reports it receives to investigate suspicious activity.

The amendment now pending in Congress is just eight words long. It defines “cash” to include “any digital asset.” So, a law written for face-to-face transfers of three-dimensional objects -- namely, physical currency -- would now apply to receipts of digital assets. Another new law would define digital asset about as broadly as can be imagined: “any digital representation of value” involving distributed ledger technology. 

I explain how section 6050I works in a longer report published by the Proof of Stake Alliance on September 17, 2021. Here’s a quick recap of the statute, so that we can then focus on how it affects DeFi. For more detail and citations, refer to the POSA report. 

When the below five elements are present, any person whose receipt triggers the statute must report others’ personal information to the government. Under current rules, the report must be filed within 15 days, using IRS Form 8300. The five elements are:

1. You receive

   A “receipt” has nothing to do with taxable income, revenue, or even a right to keep the asset; mere custody is enough.

  2. Digital assets 

Defined as “any digital representation of value” using distributed ledger technology.

  3. Exceeding $10,000 in value 

Because “transaction” includes “related transactions” as well as any number of payments resulting from related transactions, the $10,000 threshold captures more than might first be apparent. Repayments on a $50,000 loan, for example, trigger the reporting requirement each time the cumulative payments received exceed $10,000.

 4. In the course of the recipient’s “trade or business”

Only businesses must file reports, but the vague, judge-made “trade or business” classification is broader than many think. “Trading” can be a business, even when engaged in by an individual.

 5. UNLESS a federally regulated “financial institution” is already reporting the same transaction and personal information, as required under separate Bank Secrecy Act regulations.

The statute is designed to discourage disfavored technology and to route transactions through the banks and other institutions already required to surveil customers and report transaction details to the government.

 The application of this statute to DeFi raises special problems because, if the duty to report is triggered, it requires the report to include the names, addresses, and tax ID numbers of the people from whom the digital assets were received. 

How should we -- and how will the Treasury Department and federal prosecutors -- interpret this requirement? Consider a simple example of an automated market maker on a decentralized exchange.

Example 1:

Andy withdraws tokens from a liquidity pool -- say, by surrendering the LP tokens he acquired at the time of deposit. It is difficult to argue the withdrawn tokens are not Andy’s “receipt” under the statute. In addition, under any plausible interpretation of “transaction,” receipts from repeated withdrawals will aggregate over time for purposes of meeting the $10,000 threshold. 

Example 2:

Bob uses the AMM DEX to swap token A for token B. Bob’s receipt of token B presumably is also a receipt under the statute. (We assume that both Andy’s and Bob’s receipts are in the course of their “trade or business.”) 

If the reporting requirement is triggered, the statutory text commands that the report include the personal information of “the person from whom” the digital assets were “received.” Under the current statute, when physical cash is received from more than one person, the form requires each person to be listed, as well as each “person on whose behalf [the] transaction was conducted.”

How will this command be enforced in DeFi transactions? Generally speaking, the tokens received from a liquidity pool swap or withdrawal cannot be traced to one or more particular accounts, much less to particular persons. 

Perhaps the tokens are not “received” from a person or persons but rather from a smart contract. Consider the token swap. If the DEX were instead a centralized exchange, the person sending the B tokens may not be the trader on the other side of the trade, but rather the exchange itself. (This is actually more complicated that might appear, for reasons beyond the scope of this article. Centralized exchanges are “financial institutions” and therefore exempt from section 6050I.) After all, the person who put those tokens into an AMM pool didn’t intend for Bob to receive them.

 Arguably, then, the “person” to be reported in our examples would be the DEX, which is not a legal person but a collection of smart contracts. Perhaps a report would be deemed in compliance if the DEX is listed, even though the entry would lack an address and tax ID number. More ambitiously, the recipient could argue that the non-existence of a “person” from whom the digital assets are received renders the transaction outside the scope of the statute.

 But it is unreasonable to conclude that the existence of a smart contract would, as a general matter, defeat either the requirement to report the sender’s personal information or, more ambitiously, altogether remove the transaction from the reach of the statute.

 Note first that the purpose of 6050I is not simply to capture information relating to the recipient of digital assets. To the contrary, its true purpose is to collect information about the sender. Reporting that fails to identify the source of the cash or digital assets would therefore defeat a primary purpose of the law.

“There is indeed something ridiculous about this effort to apply section 6050I to digital assets, and in particular to DeFi transactions.”

Example 3:

Imagine that in 1983, an eccentric and anti-social (but highly sought-after) artist sold his sculptures on an honor system. Buyers could take an artwork from his lawn if they anonymously left an envelope with $11,000 cash in his mailbox. 

After 6050I came into effect in 1984, could the artist be excused from the requirement to report the buyer’s personal information to the government on the grounds that his business model did not enable compliance? More ambitiously, could he argue his business model exempted him from the statute entirely, as he received the cash not from a person but from a mailbox? 

 In a word, no. The artist would have to change his business model. 

(Note that, strictly speaking, section 6050I does not regulate commercial transactions. It imposes a reporting requirement backed by civil and criminal sanctions. To this day, there is nothing unlawful about selling artwork anonymously for $11,000 in cash. The crime is in the failure to report it as required by the statute, and reporting it correctly entails obtaining the information demanded by the statute.)

For the same reasons our 1984 artist is not exempt from 6050I, the substitution of a smart contract for a mailbox is unlikely to defeat the reporting requirement for DeFi or other digital asset activity.

 Yet if the type of smart contract used in DeFi transactions leaves room for doubt, consider a different type of smart contract:

 Example 4:

Charlie sees an NFT he likes and sends his cryptocurrency to a smart contract. When the dust settles, Charlie owns the NFT (the receipt of which, because an NFT is clearly a digital asset under the statute, may also impose a reporting requirement on Charlie). 

 David is an artist in the business of making and selling NFTs who has received Charlie’s cryptocurrency as payment for the NFT. (We can also imagine other people receiving digital assets as a result of Charlie’s cryptocurrency transaction. The fee received by the NFT exchange, for example, could also impose a reporting obligation on that NFT exchange.)

 In a factual sense, David received the cryptocurrency from a smart contract. But it’s implausible that the statute exempts David from reporting Charlie’s personal information simply because a smart contract was involved. In turn, it’s hard to see why the more complex smart contract activity in DeFi would lead to a different result.

 There is indeed something ridiculous about this effort to apply section 6050I to digital assets, and to DeFi transactions in particular. The old law simply does not fit with this new technology. The difficulty of imagining how 6050I would apply to digital assets is yet another reason why this proposal has not received the attention and criticism it deserves. 

But if the amendment becomes law, regulators, prosecutors, and the public will have no choice but to take it seriously. Congress, and the public, should not wait for that. The amendment to section 6050I is an affront to the rule of law and to the norms of democratic lawmaking. It was slipped quietly into a 2,700 page spending bill, allegedly as a tax measure to defray the bill’s trillion-dollar price tag even though section 6050I is in fact a costly criminal enforcement provision. The proposal deserves attention now, while there is still time to stop it.