The Race to Regulate Crypto: CFTC vs. SEC – JURIST – Commentary

John Joy, Managing Attorney and founder of FTI Law in New York, discusses crypto regulation and the two regulatory agencies racing to regulate them…

Earlier this month, a digital currency based on the Netflix series “Squid Game” soared in value before collapsing dramatically as its promoters quickly pulled out their funds in what is known as a “rug pull.” The website promoting the cryptocurrency was only three weeks old and was littered with grammatical errors, tell-tale signs that it was a scam, and it is estimated that investors lost around $3 million USD. While the story has grabbed the headlines, it is nowhere near the largest crypto fraud. Back in 2013, an individual from Texas conned investors out of 700,000 Bitcoin in a Ponzi scheme that was shut down by the Securities and Exchange Commission (SEC). Valued at today’s prices, that 700,000 Bitcoin would have been worth an incredible $40 billion dollars.

Perhaps the reason why the Squid Game scam grabbed the headlines was not because of the dollar amount involved, but the fact that main street investors are now getting caught by crypto investment fraud. Much like the cons that penny-stock promoters are famous for, the rise of crypto investment fraud has made the area a prime target for regulation. There is no shortage of interested parties with both the Securities and Exchange Commission (“SEC”)  and the Commodity Futures Trading Commission (“CFTC”) vying for the role of the new crypto-sheriff in town. This article reflects the legal and strategic issues that may decide the race to regulate crypto and explains the prediction that the SEC will come out on top.

1. CFTC as the New Crypto Regulator

The CFTC was created in 1974 and largely draws its power from the Commodity Futures Trading Commission Act of 1974 and the Commodity Exchange Act of 1934 (“CEA”). These laws give the CFTC power to regulate the trading of commodities. Importantly when it comes to cryptocurrency, the CFTC considers Bitcoin and many other cryptocurrencies to be a commodity, giving the CFTC a seemingly good start in the race to regulate crypto.

However, the CFTC does not have the power to regulate every aspect of trading in commodities. The CEA gives the CFTC broad power to regulate the trading of ‘futures’ and ‘derivatives,’ but less power to regulate the ‘spot’ trading of commodities.  If you’re unfamiliar with these terms, it’s easiest to distinguish them by their markets:

  • The ‘spot’ market – a market where commodities (like Bitcoin) are traded immediately. An example of a spot market for crypto would be an exchange where people can buy Bitcoin which is delivered immediately to their online wallet. Most apps that let you buy crypto would be considered spot markets, and Coinbase is the most popular one in the US.
  • The ‘futures’ (or derivatives) market – a market where contracts for future delivery of commodities (like Bitcoin) are bought and sold. In this market, a person does not obtain cryptocurrency at the time of purchase, they obtain a contract for future delivery of cryptocurrency. One way to think of this market is a place where people can make bets on whether the price of a cryptocurrency will go up or down. The Chicago Mercantile Exchange currently runs a Bitcoin futures and options market which would fall into this category.

When it comes to the futures market, the CFTC has broad powers under the CEA to regulate, including setting rules for participants, the exchanges and the intermediaries in the market. However, the authority of the CFTC to regulate the spot market is less clear. The CFTC has stated that its authority to regulate the spot market only extends to preventing fraud or manipulation in the market, but it cannot set broad rules for the spot market participants like it can in the futures market.

For main street investors, it is more likely that they will be purchasing cryptocurrency using an app than trading futures on the Chicago Mercantile Exchange. As a result, the actions of main street investors are less likely to be regulated by the CFTC, but they can still rely on the CFTC to police fraud and manipulation in the spot market where they buy and sell their crypto. When it comes to enforcement, the CFTC has also demonstrated that it will prosecute crypto violations. For example, in August 2021, the CFTC fined BitMEX $100 million for trading Bitcoin derivative products without any Anti-Money Laundering (AML) or Know-Your-Customer (KYC) requirements. The CFTC has also brought enforcement actions against My Big Coin Pay and Coin Drop Markets for fraud in crypto markets where it wasn’t clear that there was any future contract involved.

The CFTC model of crypto regulation is an attractive one for main street investors as it suggests that the CFTC won’t be focused on setting rules for their ordinary trading activity, rather, it will be focused on fraud, manipulation and the futures market. As the CFTC has a solid legal basis for regulating and an attractive value proposition for main street investors, the CFTC looks to be off to a good start in the race to regulate crypto.

2. SEC as the New Crypto Regulator

As the CFTC regulates commodities, the SEC regulates “securities.” But while the CFTC has stated that Bitcoin is a commodity, the SEC has admitted that neither Bitcoin nor Ethereum are securities. This is important as Bitcoin and Ethereum are the two largest cryptocurrencies by market cap, and they act as a model for hundreds of other cryptocurrencies. If Bitcoin and Ethereum are not securities, then a lot of the crypto market might be out of the SEC’s regulatory reach. Not a great start for the SEC.

Despite the legal case not looking so solid for the SEC, what the SEC lacks in legal authority it makes up for in regulatory appetite. Given that the SEC doesn’t have explicit authority to regulate the spot or the derivatives markets for crypto, the SEC has cleverly identified other aspects of the crypto ecosystem which are more similar to securities and has declared those areas to be fair game for SEC regulation. Regulating a few key areas of the crypto ecosystem could be a good strategy, as it could allow the SEC to exercise influence over the markets without directly policing them. To use an analogy, the SEC might not be able to act as the crypto-sheriff, but if it controls all the gun stores in the town, it can still wield a lot of influence in policing crime.

The best example of an area of influence the SEC has targeted is initial coin offerings (“ICOs”).  ICOs are where people ‘invest’ in a coin that has yet to be released or traded on an open market. Often these ICOs are used to raise the capital needed to develop the cryptocurrency or the infrastructure it needs to operate. Sound like an IPO? The SEC sure thinks so.

The SEC first claimed authority to regulate ICOs in 2018, and this claim has been reiterated earlier this year by the current SEC Chairman, Gary Gensler. While Bitcoin and Ethereum are long past the point of an ICO, there have been hundreds of ICOs in 2021, giving the SEC a bounty of opportunity to regulate how new cryptocurrency is marketed and sold to investors.

Another area of influence the SEC has claimed is Decentralized Finance (“DeFi”). DeFi is a system that allows people to borrow and lend cryptocurrency on decentralized platforms (i.e., online platforms that are not controlled by any one entity or person). DeFi is seen as a key area in the crypto ecosystem as it allows cryptocurrency holders to access financial products that were traditionally offered by banks. As DeFi involves lending, it is a great fit for the SEC’s regulatory power, as the statutory definition of a ‘security’ includes debt instruments. This gives the SEC a solid legal basis for asserting their authority in this area and the SEC has already stated that DeFi platforms implicate securities laws. That means that SEC rules and regulations on how DeFi platforms operate are likely not far behind.

While ICOs and DeFi are the most visible areas the SEC has identified for regulation, it is likely only the beginning. In terms of wider regulation of the crypto markets, Chairman Gensler summed up the SEC’s position neatly in August:

“It doesn’t matter whether it’s a stock token, a stable value token backed by securities, or any other virtual product that provides synthetic exposure to underlying securities. These products are subject to the securities laws and must work within our securities regime.”

What’s more, Gensler has openly called for Congress to help the SEC by giving it more authority to regulate cryptocurrencies.

While the SEC has a tougher legal position than the CFTC does when it comes to asserting authority to regulate the crypto market, the SEC has adopted a good strategy in identifying key areas it can influence. Even without help from Congress, the SEC also has some excellent strategic and industry dynamics that will help it in the race to regulate crypto.

3. Why the SEC will Win

  •  The SEC’s Enforcement Appetite

The SEC has one of the most active enforcement divisions of any U.S. regulator.  It has brought dozens of crypto enforcement actions and hasn’t lost a single case.  History shows that a weak legal basis to prosecute will not slow down the SEC, and this can be seen from other areas where the SEC enforces with sometimes questionable authority. Take for example, the Foreign Corrupt Practices Act (FCPA), a law that prohibits foreign bribery. Over the last two decades, the SEC has become one of the primary enforcers of the FCPA by bringing multiple enforcement actions, some described as “pushing the limits of jurisdiction” and others criticized as flat-out lacking a legal basis. Nevertheless, the SEC is rarely challenged on its FCPA jurisdiction because it makes companies an offer they can’t refuse: Settle the charges with us or fight it out in court and the whole world will see your dirty laundry. With an enforcement division stacked with prosecutorial talent, it’s no wonder that the majority of SEC actions settle. The SEC’s current battle with XRP over the SEC’s authority to regulate crypto is a great example of one of the rare instances where the SEC is challenged on its jurisdiction. Regardless of who wins that battle, the SEC is unlikely to shy away from prosecuting in this area. The SEC also has better resources than the CFTC to do so, as the SEC has almost eight times the headcount and budget of the CFTC.

  • Companies want to be Regulated by the SEC

Before you scoff at the suggestion that a company would want to be regulated by the SEC, remember that most companies dream of going public. Going public means the SEC becomes the company’s primary regulator and almost everything a public company does is tightly regulated by the SEC. Even before a company goes public, if the SEC wants to investigate conduct at a company, it could be a risky decision to challenge the SEC’s authority if the company has future plans for a public listing. For most companies, this will create a dynamic where they want to cultivate a good relationship with the SEC. That is not to say they will simply roll over for enforcement actions (XRP is a good example) but it will be an important factor to weigh in deciding whether to challenge the SEC’s authority to regulate.

  • When Not Invited, the SEC Gatecrashes

Even if the CFTC is crowned the primary crypto regulator by Congress, it won’t stop the SEC from muscling in when it comes to public companies. In other areas where regulators believed they had de facto exclusive jurisdiction to regulate, the SEC has often gatecrashed the party. Take for example ‘economic sanctions,’ which are issued and enforced by the Office of Foreign Asset Control (“OFAC”) with the assistance of the DOJ. In 2019, sanctions enforcement was a task exclusively performed by OFAC and the DOJ. However, that changed when the SEC brought an enforcement action against Quad/Graphics Inc. which involved violations of OFAC sanctions. Not only was this a case where the SEC was moving in on someone else’s turf, but in this particular case, the DOJ had already investigated Quad/Graphics and declined to bring charges. Never one to need an invite to the party, the SEC stated that as Quad/Graphics was a public company, sanctions violations could also constitute violations of securities laws. This argument was enough for Quad/Graphics to settle with the SEC for almost $10 million. If the enforcement of sanctions is anything to go by, any crypto regulator who is not the SEC may find the role a little cramped when it comes to public companies.


The SEC will win the race to regulate crypto because strategy, resources and industry dynamics will play a bigger role than the legal definition of a security or a commodity. There is certain to be some overlapping authority, and it is unlikely the CFTC will ever cede jurisdiction over the futures and derivatives markets for crypto, but outside of that, the primary regulator will need the larger appetite to enforce and the best leverage against companies to extract settlements. The SEC has both of these and the resources it needs to start meaningful regulation in short order. As many crypto companies dream of ringing the opening bell on the day of their public listing, the SEC is already treading on those dreams.


John Joy is the Managing Attorney and founder of FTI Law, a law firm that specializes in representing crypto whistleblowers. He is a New York whistleblower attorney who has worked for almost a decade on financial crime and regulatory cases around the globe.


Suggested citation: John Joy, The Race to Regulate Crypto: CFTC vs. SEC, JURIST – Professional Commentary, November 24, 2021,

This article was prepared for publication by Giri Aravind, a JURIST staff editor. Please direct any questions or comments to him at

Opinions expressed in JURIST Commentary are the sole responsibility of the author and do not necessarily reflect the views of JURIST’s editors, staff, donors or the University of Pittsburgh.

Be the first to comment

Leave a Reply

Your email address will not be published.