Where to begin... First, I have included the legal wording in quotation below. If you have skin in the game as a developer and you do not read it, you do so at your own peril.

The CFTC just cracked down on three separate derivative defi protocols, despite IP blocking the Usa and blocking the use of VPNs. This means, it isn't going to be enough, and in conjunction with the 279 page Treasury Proposal, the Usa clearly has plans on *how* it's going to make foreign development teams block americans.

​

This industry is about to be forced to use massive clear list and block lists on virtually all front ends, by the americans. This is a prelude to them putting it onchain, and mandating it onchain globally, which is of course what G20 wants.

The more important question is what *is* an "associative list" or "list of association". First we need to be clear, the Usa has hijacked the crypto industry with its Sanction politics. Most hard privacy advocates including me do not fully agree with this privacy paper put out by Vitalik, this is an internationally mandated "proof of innocence" and not "proof of guilt" because "Muh Sanctions".

VC-backed “crypto” will give superpowers to central bankers & tyrants. Few will understand.

"how do they get super powers"
>they control the liquidity and banking onboarding
>they have the entire protocol stack doxxed
>they write the regulatory moats for themselves
>they do mergers and acquisition to get it back to the wealthy upper stakeholder of private equity in the West
>they have a global geolocation-metadata-mossaic of Eth and Solana, most of cosmos

​

They have all the meta data and they have etherscan, they have all the doxx information to all the central exchanges in the world, they can and will use machine learning to tie addresses to black and white lists, then enforce them with federal prosecution and extradition.

There are virtually no limitations/restrictions or regulations against these Chain analysis companies, they have a free for all of metadata and junk forensics, it's the Patriot act onchain. They are, they can, and they will, and they will be doing *much more* machine learning basic forensics to build these "association lists" to "give" to larger VC protocols.

​

They will not let non american self regulatory organizations decide on associative lists, they will force it on you with the IMF and Fatf/EU regs and Fatca/Ofac style regs, it will be top down, done with Ciphertrace and Cisa/DHS/FBI etc, compliance cost will bankrupt small company. They will never have some fairy tell honour system for geoblocking public crypto addresses from smart contracts, it will be lists made by american, curated by intelligence, and forced on the rest of the world with central planning, after VC merges and acquires everything.

​

You won't be able to get this geolocation taint off of your addresses or get new addresses easily without committing felonies, or do "chain breaks" with monero or TC, they will make it hard to do, so you're stuck with the taint, so they can kill actual DeFi.

If you have middleware and spyware that blocks entire countries of people, or entire protocols, and money flows from unregistered unlicensed non US-VC smart contracts with geo-contamination based blocking- that isn't DeFi. That isn't permissionless.

​

• globally litigating all developer teams into using middleware to block VPNs a default crimilization of VPN use for DeFi
• globally litigating clear list and block list for "associative lists" to even get white listed to use a front end, which will of course be a de facto ban for americans, because no protocol will ever be approved, and has not been so far
• If your developer team and legal council resist the subpoenas by the americans, the Department of Justice will go after your banking relations in those countries
• You might actually get extradited even if you're not american
• Tradfi clearly uses White List blocking of smart contract to suppress and merge and acquisition and steal the industry while kicking the ladder out from everyone else and building crony regulatory moats based on licensing and registration
• The SEC and CFTC have put out an extensive list of "Responsible Persons" (spoiler, it includes virtually anyone involved in the protocol or project from stem to stern) they intend to doxx, namely so they can hold them liable for collecting 1099-B in the new Treasury IRS proposal, they want the full stack of developer teams hyper doxxed.

​

Not being an american, will not protect you.

​

​

​

Recommendation 2 – Identify Responsible Persons A regulator should aim to identify the natural persons and entities of a purported DeFi arrangement or activity that could be subject to its applicable regulatory framework (Responsible Person(s)).

43 These Responsible Person(s) include those exercising control or sufficient influence over a DeFi arrangement or activity. Guidance Responsible Person(s) generally are persons and entities that provide or actively facilitate the provision of products or services. Responsible Person(s) include those that maintain control or sufficient influence over a particular DeFi arrangement or activity.

44 Regulators can consider, for example, those with design and maintenance control; financial and economic control; and formal and legal control, among other things. In many cases, those who have control or sufficient influence over a particular activity at the enterprise level (see Recommendation 1 above) will also be Responsible Persons. In conducting this analysis, a regulator should carefully examine any claim that the arrangement or activity is purportedly decentralized to the point that no persons or entities are responsible and should subject Responsible Persons to its applicable regulatory

43 Responsible person(s) is meant broadly, to encompass, for example, natural persons, groups of persons, entities and organizations, whether formally or informally constituted. 44 See also FATF, UPDATED GUIDANCE FOR A RISK-BASED APPROACH, VIRTUAL ASSETS AND VIRTUAL ASSET SERVICE PROVIDERS 27 (2021), available at: https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-rba-virtual-assets2021.html (“[C]reators, owners and operators or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a [Virtual Asset

Service Provider (‘VASP’)] where they are providing or actively facilitating VASP services. This is the case, even if other parties play a role in the service or portions of the process are automated. Owners/operators can often be distinguished by their relationship to the activities being undertaken. For example, there may be control or sufficient influence over assets or over aspects of the service’s protocol, and the existence of an ongoing business relationship between themselves and users, even if this is exercised through a smart contract or in some cases voting protocols. Countries may wish to consider other factors as well, such as whether any party profits from the service or has the ability to set or change parameters to identify the owner/operator of a DeFi arrangement. These are not the only characteristics that may make the owner/operator a VASP, but they are illustrative.

Depending on its operation, there may also be additional VASPs that interact with a DeFi arrangement.”). Indicia of control or influence can include, for example, ownership interest; significant financial interest; significant voting rights; management of or the ability to impact the operations of the protocol at an enterprise or fundamental level; the ability to set permissions or access rights for users of the protocol, or to otherwise impact the rights of other users of the protocol; control over user assets; and the ability to enter into agreements for the protocol or enterprise. What constitutes control may also depend on the relevant regulations in a jurisdiction.

23 framework. In assessing who is a Responsible Person, rather than relying on labels or concepts such as decentralization or the automated nature of smart contracts in DeFi arrangements, a regulator should evaluate all the facts and circumstances, including:

(a) the roles of natural persons and entities in a DeFi arrangement and how those persons and entities interact with each other and how those roles may evolve over time;

(b) the ability of those natural persons and entities, such as developers or foundations or decentralized autonomous organizations (DAOs), to control or influence the arrangement, including through actions that would impact a smart contract, protocol, or the enterprise level operations of any particular DeFi arrangement;

(c) whether there are other parties exercising control or influence over the DeFi arrangement, such as venture capital firms, large investors, or governance/voting token holders or voters;

(d) the economics of the arrangement, including financial incentives for participation, such as who is receiving investments and returns on investment, fees, payments for development or governance activities, or payments from inventories or treasuries; and (e) how a regulator might apply regulatory oversight over these natural persons or entities.45 When considering persons and entities that may be Responsible Persons, it is important to note that governance mechanisms currently used for DeFi arrangements are not selfimplementing.

Human involvement typically is necessary to effectuate governance decisions, or to translate and implement proposals to make changes to a project’s protocol, smart contracts or other code into usable code. So those making such proposals often must rely on others with technical control and skill (i.e., administrative access and requisite technical capability) to implement governance decisions. Code could also be designed and updated through the deployment of automated methodologies – including those that utilize artificial intelligence or other technologies. For such cases, the person or entity that is responsible for deploying or using such methodologies could also be considered in the assessment of Responsible Persons. ANNEX D gives a detailed analysis of how governance currently operates in DeFi and can be a useful starting point for an analysis. Depending upon the facts and circumstances, such Responsible Person(s) can include, for example:

• founders and developers of a project; 45 Id. at 27 (“[C]ountries will need to evaluate the facts and circumstances of each individual situation to determine whether there is an identifiable person(s), whether legal or natural, providing a covered service. Marketing terms or self-identification as a DeFi is not determinative, nor is the specific technology involved in determining if its owner or operator is a [Virtual Asset Service Provider (VASP)].

Countries should apply the principles contained in the Standards in a manner that interprets the definitions broadly, but with regard for the practical intent of the functional approach. It seems quite common for DeFi arrangements to call themselves decentralized when they actually include a person with control or sufficient influence, and jurisdictions should apply the VASP definition without respect to self-description. Countries should be guided by the principle that the FATF intends to cover natural or legal persons who conduct the financial services covered in the definition as a business.

If they meet the definition of VASPs, owners/operators should undertake ML/TF risk assessments prior to the launch or use of the software or platform and take appropriate measures to manage and mitigate these risks in an ongoing and forward-looking manner.”).

24 • issuers of governance/voting tokens;

• holders and/or voters of governance/voting tokens; • DAOs or participants in DAOs;

• those with administrative rights to smart contracts and/or a protocol (i.e., with the ability to alter the coding or operation of the protocol to some degree);

• those who have or take on the responsibility of maintaining/updating the protocol or other aspects of the project, such as access rights;

• those with access to material information about the protocol or project to which other participants lack access;

• those who are promoting use of the protocol through, for example, providing a user interface or otherwise facilitating interaction with the protocol, and/or releasing updates to the protocol;

• those with custody (or effective control through an administrative key, voting structure, or otherwise) over user funds or assets, or with the ability to reverse transactions; and

• those who are profiting, for example, through fees paid by users of the protocol. Once a regulator identifies Responsible Persons, their activities should be assessed using Existing Frameworks or New Frameworks, as appropriate, in accordance with the principle of “same activity, same risk, same regulatory outcome.”

​