top of page

Illinois' Digital Asset Regulation Act Needs Reconsideration

About the Act

The Illinois' Digital Asset Act Needs Reconsideration

On February 21, 2023, the Illinois Department of Financial and Professional Regulation (“IDFPR”) released a two-part legislative proposal called the Fintech-Digital Asset Bill (“FDAB,” HB 3479/SB 2233), proposals that would “protect Illinois residents from financial fraud and abuse and establish regulatory oversight of cryptocurrencies and the broader digital asset marketplace.”


To do so, IDFPR explains that “like regulation in place in New York and under consideration in the California legislature, the Fintech-Digital Asset Bill requires digital asset exchanges and other digital asset businesses to obtain a license from IDFPR to operate in Illinois.” 


However, the FDAB’s scope is far broader than the referenced New York regulation and proposed California regulation because it could capture non-custodial and decentralized finance (“DeFi”) software protocols that operate in fundamentally different ways than the custodial and centralized digital asset businesses the bill intends to regulate. The bill fails to account for those differences and would apply an unworkable CeFi regulatory regime to software protocols. 


Illinois policymakers should reconsider this punitive legislation and, at a minimum, ensure that the bill’s definitions match its intended scope. 

Developments & Timeline:


  • February 17, 2023: Bill introduced

  • March 7, 2023: Bill passed out of the Assembly’s Financial Institutions and Licensing Committee

  • March 23, 2023: Bill amended to exclude “the development and dissemination of software in and of itself.”

  • Current Status: Pending full consideration by the Illinois Assembly


DeFi Q&A

  • When it comes to DeFi, what are the key differences between the approach proposed in the FDAB and the approach of California and New York? 


While the New York and (proposed) California frameworks are limited to custodial and centralized digital asset businesses, Illinois’ definitions are far broader and could capture software protocols:

New York
“buy, sell, trade, or convert, on behalf of a resident…”
“to assume control of a digital financial asset from, or on behalf of, a resident, at least momentarily, to sell, trade, or convert…”
“Buying and selling virtual currency as a customer business;” and “performing exchange services as a customer business…”
“to transfer or transmit a digital asset from or on behalf of a resident…” [Note: “transfer…from…a resident” on its face covers any IL person moving a digital asset; that’s why CA explicitly limits its transfers” to those where an intermediary assumes—even temporarily—control of the customer’s funds and further limits the term to avoid capturing individuals transferring assets on their own behalfs.]
“to assume control of a digital financial asset from, or on behalf of, a resident and to subsequently do any of the following…”
“receiving virtual currency for transmission or transmitting virtual currency, except where the transaction is undertaken for non-financial purposes and does not involve the transfer of more than a nominal amount of virtual currency…” [Note: Elements of control/custody, as a customer business, and on behalf of others are all implicit in choice of the legally meaningful word “transmit” unlike the more general “transfer.”]
"to store, hold, or maintain custody or control of a digital asset on behalf of a resident by a person other than the resident [Note: these are consistent and rightly capture people custodying another person’s assets as a business.]"
“to maintain control of a digital financial asset on behalf of a resident by a person other than the resident…”
“storing, holding, or maintaining custody or control of virtual currency on behalf of others…”
  • What are some of the differences between DeFi and CeFi?


DeFi refers to decentralized software protocols used to conduct economic activities that run on distributed ledgers, i.e. "blockchains." DeFi protocols allow users to conduct economic and financial activities without the need for financial intermediaries like banks or financial institutions.


While DeFi protocols and CeFi businesses can allow individuals to conduct similar economic activities, they do so in ways that are fundamentally different. Examining one subset of DeFi protocols, decentralized exchange protocols, can help reveal several key differences between DeFi and CeFi, including:


Transparency: In a centralized and custodial market, only the market operator has full transparency into the operation of the trading system, including any matching algorithm, order types, order handling, market data, etc. In a decentralized and noncustodial market, the code governing how the protocol operates is open-source and transactions take place on a public blockchain, which gives regulators and market participants the ability to audit the market in real-time. No person or group of persons known to each other and acting in concert has unique visibility into trading activity or the unique ability to take action in connection with such activity. 


Conflicts: In a centralized and custodial market, the market operator not only has access to confidential trading information but also may face conflicts of interest in the handling of that information (e.g., sharing with affiliates) and more generally through engaging in proprietary trading and other activities that might present conflicts with operation of the market. In a decentralized and noncustodial market, the protocol is a neutral tool and no users have a “leg up” due to affiliation with a market operator.


Market Access: In a centralized/custodial market, the market operator decides who can access the market and the terms for such access. A decentralized and noncustodial market affords open access to anyone who can establish connectivity to the protocol.

Custody: In a centralized and custodial market, the market operator holds users’ assets for purposes of safekeeping, affecting settlements and, if applicable, for margin or collateral.  Assets are typically held by the centralized market operator (or a related clearing and settlement entity) in an omnibus account in its own name, directly or with a third party depository. In a decentralized and noncustodial market, participants are responsible for directly holding their own assets (or assets pledged to them by counterparties) or arranging themselves for custody and settlement through third party custodians. Any margin or collateral may be held directly, by a third party custodian or embedded in smart contracts traded on the decentralized market. Decentralized and noncustodial markets therefore eliminate the risk that users will lose funds due to custodial mismanagement.


  • From a regulatory perspective, why can’t DeFi and CeFi be considered uniformly?


The disintermediation of financial services challenges a regulatory regime developed over decades that is premised on the assumption that custodial financial intermediaries are necessary to conduct activities. Indeed, with the exception of cash transactions, the effectuation of financial transactions has historically required the services of custodial and centralized intermediaries. This functional consistency is reflected in the regulatory principle of “same activity, same risks, same rules.” The development of public blockchains and peer-to-peer value transfer has rendered that principle obsolete because public blockchains have created functionally novel ways of conducting activities. 


From a regulatory perspective, how something is done is just as important as what is being done. An extremely oversimplified analogy could be transportation services: both cars and airlines are involved in the same activity, getting people from point A to point B, yet they do not present the same risks to consumers and certainly should not be regulated in the same way. So too in the context of CeFi vs. DeFi. 



bottom of page