Key insights:

• • • Pushing innovation in the financial sector — The OCC is actively enabling innovation among financial service institutions, not resisting it.

• • • Regulation is being refocused, not removed — Priorities may change with each administration, but oversight remains, and crypto is increasingly central.

    • Compliance is a growth requirement — Regulations around the BSA, sanctions, and KYC still apply, so durable controls and experienced teams do matter, even with AI.

Shortly after being named Acting Director of the Comptroller of the Currency in early 2025, Rodney E. Hood in the financial sector. Hood spoke about improving bank-fintech partnerships and providing regulatory frameworks for digital asset activities.

As expected, the Hon. Jonathan V. Gould was sworn in as the 32nd on July 15, 2025. Under his leadership of the Office of the Comptroller of the Currency (OCC), the spigot of technology-enabled financial innovation is set to remain wide-open, with blockchain-based products at the forefront.

In his speech to the , Comptroller Gould laid out a road map to a future that includes more de novo charters, with many of them coming from the ranks of blockchain and digital or virtual asset service providers (VASP). He refuted notions that these things cannot be done under current rules and reaffirmed the agency’s ability to regulate such institutions.

Register now for The 2026 Future of AI and Technology Forum, a cutting-edge conference that will explore the latest advancements in GenAI and their potential to revolutionize compliance, legal, and tax practices

Institutions that fail to embrace these emerging technologies as they arise risk falling behind, Gould said, describing how any legal framework that treats digital assets differently than existing electronic means is risking “a recipe for irrelevance.” Such an antiquated approach keeps companies, institutions, and indeed the nation’s entire financial system, mired in the past, he added.

Digi-mon go!

In word and deed, the current OCC continues to offer a green light to VASPs as well as to traditional financial institutions that are looking to dabble with blockchain, stablecoins, and the like. Regulatory action in the past year mostly served to end prior enforcement against traditional institutions while putting ancillary companies in check. For example, of US/Mexican border casinos, crypto ATM-style terminals, and armored car companies demonstrates the regulatory shift that takes place after each change in administration.

Government rarely gives up its authority, but it does shift the focus. Border cash is out, crypto is in. Clear regulation for this sector is important, necessary, and will continue to create an entirely new set of financial products & services.

Institutions that fail to embrace these emerging technologies as they arise risk falling behind… [and] any legal framework that treats digital assets differently than existing electronic means is risking ‘a recipe for irrelevance.’

Normally I advocate more caution but, in this case, having any regulation is better than having no regulation. Blockchain is here to stay and having any kind of clarity around it is the right way to begin. Those who legislate have an opportunity to improve the regulatory framework over this technology as it evolves — as long as a framework exists. It’s sort of like the slippery slope argument in reverse: When we build a foundation on regulations that encourage innovation while protecting consumers, including the companies themselves, we create a healthier economy. These rules can always be improved and adjusted as we understand better what we have unleashed upon the world.

Compliance is on the “can’t cut” list

Rumors are swirling of cuts to many corporate compliance budgets. Many compliance pros think this administration will let companies do as they please! Let a professional risk manager urge caution here instead. The power of the Bank Secrecy Act (BSA), the extraterritorial reach of sanctions, and the requirements to know your customers (KYC) are not going anywhere. Regulations are refocused, not removed. A proliferation of nouveau financial institutions will provide a target-rich environment for the regulators of today and tomorrow to find things they dislike and prosecute those offenses. A business that hopes to make it big should be built to withstand the winds of change and weather different regulatory conditions over time.

Therefore, smart compliance professionals will keep an eye on the horizon and keep their risk controls tight. Yes, it may be a good time to start a crypto company; but no, that does not mean you can process drug cash, ignore sanctions, or fail to collect basic personally identifying information.

With increasingly ubiquitous AI tools, your humans in the loop are more important than ever. As entry level jobs become automated, depth of experience becomes more valuable. Retain talent and institutional knowledge on your compliance teams because those individuals will train the AI as well as the investigators of tomorrow.

Indeed, no matter who is in charge of the government’s regulations, enforcement will come when you let your guard down and ignore basic risk management principles.

You can find more about how government agencies are managing various risk, fraud, and compliance issues here

Key insights:

• • • Blockchain’s transparency is a double-edged sword— While criminals use crypto for illicit activities, the permanent and public nature of the blockchain ledger creates an undeniable trail, making it a powerful tool for law enforcement to track and seize illicit funds.

    • The rise of crypto forensics— A growing industry of specialized firms and investigators is leveraging blockchain’s inherent design to unravel complex financial crimes, demonstrating that “±ô´Ç˛őłŮ” crypto funds can often be recovered.

    • An evolving battlefield— Despite the ongoing challenges posed by tools like mixers and privacy coins, blockchain technology is fundamentally shifting how financial crime is fought, turning the very system criminals exploit into the means of their capture.

Cryptocurrencies and other digital assets are used by criminals, which is great for catching them. Indeed, the biggest criticism of crypto since its inception has been its criminal use, which was estimated to be almost half of all activity by the end of 2017. In the past three months alone, asset seizures and forfeitures of more than $22 billion in crypto have been made by authorities in the United Kingdom, the United States, and their international partners.

These historic interceptions of illicit funds prove that the fundamental architecture of blockchain — the digital ledger that underpins most virtual transactions — makes it the perfect tool for catching criminals, validating the hypothesis of Satoshi Nakamoto, the presumed pseudonym of the person or persons who developed bitcoin, that fraud could be prevented through intentional system design.

While criminals assumed they could optimize their illegal activities using crypto to obfuscate fund flows, the blockchain ledger’s immutability has created a niche for financial crime investigators seeking to unravel these cases. Companies like Chainalysis, Elliptic, and TRM Labs have become synonymous with these investigations, joined by a growing network of smaller firms that are democratizing crypto investigations, combating terrorist financing and online child abuse. Ultimately working to secure seized assets and prevent further harm. By all measures, the ecosystem is expanding rapidly.

Every crypto transaction creates a permanent trail that allows investigators to catch criminals even years after their crimes. This is how, a digital exchange hack in 2016 that resulted in the theft of 120,000 Bitcoin worth $72 million (at the time) and was chronicled in the Netflix documentary was wrapped up years later with the seizure of $4.5 billion in crypto and the arrest of the two alleged perpetrators in 2022. Law enforcement may not move as fast as crypto, but if the whale is big enough, they will catch it.

Indeed, the scale of cryptocurrency-enabled crime threatens Western economic stability. The FBI received 149,686 crypto-fraud complaints in 2024, totaling $9.3 billion in losses, likely significantly lower than the true figure. More than 100,000 people are trafficked and forced to operate scams from compounds in Cambodia and Myanmar. The Prince Holding Group, a transnational criminal organization headed by Chen Zhi, generated , approximately $10.95 billion annually.

Financial crime as economic warfare

These are just headlines. Further research in the Netherlands shows that only 11.8% of fraud victims actually report being victimized. While many dismiss fraud and blame victims, crypto-related fraud is becoming economic warfare systematically draining wealth from Western economies while enslaving hundreds of thousands in forced labor camps across the Global South. With potentially $80 billion lost annually to crypto fraud, the impact extends beyond the 1.14% of the US federal budget it represents. This illicit outflow causes loss of productive capital, tax base erosion, and reduced economic activity.

Yet the technology accused of enabling this new generation of fraud simultaneously provides the tools to detect and combat these criminal organizations more successfully than any financial crime fighting technology in history. The Chen Zhi case, easily the largest asset forfeiture in US history at around $15 billion, demonstrates this perfectly.

Every crypto transaction creates a permanent trail that allows investigators to catch criminals even years after their crimes.

This is why I’ve spent the last four years studying the crypto ATM industry. While most financial crime professionals saw a problematic service in a problematic industry, I saw a massive dataset of criminal activity that could predict other illicit activity beyond crypto ATMs. This dataset helped identify terrorist financiers, vendors of child sexual abuse material (CSAM), and countless scams and frauds. Layer data-rich sources like crypto ATMs with blockchain data, and a good investigator can achieve remarkable results.

Modern blockchain analytics leverage the features Nakamoto designed for trust and verification. Immutability makes evidence tampering impossible and investigations public; and verifiability allows investigators to validate every step of a criminal’s crypto trail. Consensus mechanisms create a distributed jury of millions, validating the evidence chain further. These features enabled authorities to map the , revealing 76,000 fake social media accounts operated from facilities using 1,250 phones across 10 Cambodian compounds, and tie it to $15 billion in bitcoin.

The same technology facilitating billions of dollars in pig butchering scams annually enables law enforcement to catch the transnational criminals and recover funds. Traditional financial crimes disappear into offshore accounts and shell companies, often leaving investigators blind. However, as anyone in blockchain forensics knows, Locard’s Exchange Principle remains true: Every contact leaves a trace. Blockchain’s public ledger means every suspicious transaction leaves a permanent clue.

Nakamoto’s vision of “electronic transactions without relying on trust” inadvertently created a system for establishing criminal culpability. The blockchain’s public nature convinced criminals they could hide in plain sight, but Nakamoto saw that participants would be deterred from fraud by this transparency. The naive assumption that users had nothing to hide if doing nothing wrong quickly revealed plenty were doing wrong. Still, the system proved fit for purpose once tools were built to catch bad actors. Nakamoto’s white paper’s emphasis on preventing double-spending through public verification created a framework in which crime-spending leaves permanent evidence. All a good investigator needs is time.

The rise of crypto forensics

As crypto advances, tools like bridges, mixers, and privacy coins pose constant challenges for investigators, but claiming the money is gone when crypto is involved is simply false. As blockchain forensics advances, criminals face an uncomfortable truth: They’ve been conducting operations on a permanent, public, immutable ledger. Their only protection is time and cryptographic puzzles that an entire industry is working to unravel.

While some has been diligent in pointing out some of the challenges in the industry and some of what’s been missed, there are a lot more illicit fraud cases that never see the light of day because of what has been prevented by blockchain forensics. And while it may not be perfect, the fact that there is an industry working to build a safer financial system than what has gone before is commendable, and the accountability that public ledgers have enabled is energizing for those that must police it.

Unfortunately, the $15 billion Chen Zhi seizure isn’t the end but the beginning. With at least $64 billion stolen annually, these criminals have little incentive to stop. While some scam compounds have been dismantled, reports indicate they’re simply being relocated.

Nevertheless, blockchain is setting a new paradigm in financial crime, one in which the technology enabling crime will eventually become the weapon that defeats it.

You can learn more about financial crimes and other regulatory issues involving cryptocurrencies here

The challenge for many organizational leaders now is that given the continued industry and market volatility, how can they best determine what data directions to take, what investments to make, and most importantly, what transformation skills will be needed to deliver services and compete successfully.

As this year began, the projection of forecasting models suggested that a larger scale of operations, robust mergers and acquisitions, and efficient, fast-cycle innovations — such as AI, generative AI, retrieval-augmented generation, and now of course, agentic AI — would be necessary to capitalize on economic growth, amid an anticipated dismantling of burdensome regulatory oversight.

The current economic rebalancing has fully exposed inherent data weaknesses, and calls into question the measurements, requirements, and design approaches to data success that were once considered advanced.

However, the new reality unveiling itself has shocked industry leaders. Economic contraction, supply chain implosions, cascading layoffs, opaque risks, and a withdrawal of investor guidance are breaking more than operating models — they are destroying the value of the traditional infrastructure that underpins insights and efficiencies. Additionally, the transformation of core principles and practices are hindered by decades of technological debt, and most recently, functionally limited AI solutions.

The crumbing core

The shock and awe now disrupting traditional markets challenges the industry cloud-defined growth models that were introduced nearly two decades ago. The core models of operation and system ideations underpinned by core axioms of data management are no longer providing adequate operating efficiencies and then benchmarked ROI.

Indeed, the current economic rebalancing has fully exposed inherent data weaknesses, and calls into question the measurements, requirements, and design approaches to data success that were once considered advanced.

Whereas numerous, sophisticated data solutions are now commercially available — meshes, fabrics, weaves, governance, metadata, security, and privacy — they quickly become expensive, burdensome IT white elephants. Even within agile (prototyping, pilots, and production), methods of defining cloud or on-premises systems can become obsolete quickly across industries drowning in event data. When applied to the core of traditional design solutions, it is now apparent that transformational leaders have been asking the wrong initial questions.

They ask, “What is the product? What is the insight? What is the platform we need to build?” However, the more practical, simpler, and impactful question with AI is: “What are we building on?” Analogous to building a house, what is the data foundation that will serve transactional, informational, and AI solutions across use cases and epic stories?

Data velocity, volume, value, variety, and veracity — known as the five Vs of data — have permanently altered organizations’ core infrastructures and future demands. No longer defined by products or services, core capabilities are based instead on vertical data domains, fabrics, flows, reusability, and data architectures that are expressed in use cases which identify needs across horizontal corporate functions of legal, compliance, tax, audit, and risk.

Why it matters

As organizations continue to rapidly evaluate and adopt AI-enabled solutions, it is data that increasingly becomes critical for day-to-day delivery. Data has become part of the organization’s infrastructure and represents a set of governed, reusable, and interoperable data domains that powers operations, analytics, and now iterative AI applications.

Unlike traditional approaches creating structured schemas, or data lakes full of unstructured streams, adopting a new business core by using data as infrastructure (DaI) delivers an orchestrated architecture that ensures reuse, on-demand access, and governance. Of critical importance, DaI is not another tool, data warehouse, or API. As illustrated in Figure 1 above, the evolving organization of tomorrow needs more and more data that is actively governed, reusable, and componentized.

Whereas prior IT data oversight initiatives were overly complex, expensive, and centralized, while returning limited value, DaI represents the expansion of data-as-a-service and data-as-a-product by fusing modern data architectures, AI, and strategic transformations that are designed to reshape core fundamentals. Fueled by business requirements, use cases, and epic stories needing traceability, DaI serves to deliver adaptable regulatory compliance, auditability, risk predictions, and customer trust against compartmentalized data designs.

The DaI compartmentalization approach means it is like a step function, iterative, compounded, and capital-lite, when contrasted against large commercial-off-the-shelf solutions that necessitate outsized investments for limited returns.

What’s important and imperative

As AI reshapes processes, interactions, and outcomes, the operational agility of data foundations determines innovative and organizational relevance. This means that legacy thinking and methods will face a harsh reality — the existing data foundations are too brittle, too segmented, and too costly to support future demands and interoperability.

Rethinking the core of the organization now demands a re-purposing of how data is used and reused, compartmentalized, structured, governed, and embedded within systems across the enterprise. Figure 2 illustrates the distinctions between traditional process-first approaches and DaI across five taxonomy traits of remaking the core — observable, governed, composable, reusable, and interoperable.

Rather than lifting-and-shifting databases and context to alternative data ecosystems, DaI maps acquired data into shared infrastructure layers. This layering recognizes legal separation of entities, independent domain governance, federated AI data demands, and regulatory compliance within a common architecture that can satisfy diverse constituencies. For implementing DaI, the challenge is not the rationale, benefits, or tightly coupled implications, rather, it is identifying the practical segmentation and methods necessary for continuous delivery.

Practical implementation

DaI is an evolution of an organization’s data products and services across AI and its operational implementations that ultimately creates a data infrastructure that is reliable, reusable, and repeatable. It’s a long-term approach and design that is implemented in short-term bursts, making enterprise agility economical against changing markets.

As noted, DaI requires a structured and cross-functional series of interconnected sprints that blends robust data architecture with outcome-driven milestones. Organizations need to begin with a strategic framework that encompasses existing baselines and tool sets. Then, they need to stand up reusable components — data isolation modules — that are self-contained and tied to domains. Finally, they should map out the orchestrations within the use cases and epic stories which can ensure observability and trustworthiness.

Seeking the DaI solution

When an organization’s data core is fragmented, lacks scale, is untrustworthy, and of poor quality, DaI is the iterative, positive transformational approach to create the kind of data architecture that delivers durability, practical governance, and innovative modernization. And instead of duplicating data systems, DaI maps key domains such as clients, contracts, orders, compliance, and legal into a shared data infrastructure.

The idea of DaI is purposedly designed to work organization-wide while delivering within a domain or department with data policies, access controls, and quality being built in and owned by localized data product teams.

Taken holistically, DaI stands up new business models that organizations need to rapidly scale both their operational and analytic systems while allowing them to compete in today’s marketplace. In the end, when organization leaders rethink their core data and infrastructure using DaI, everything else becomes possible.

You can find more blog posts by this authorĚýłó±đ°ů±đ

As promoted, AI is the answer to all changes in business models, it will fix staffing and skill set deficiencies, and it will boost and scale profitability. AI has also ushered in new sets of delivery demands, deployment methods, data operations, and rising expectations in addition to changing roles and responsibilities to define, establish, manage, and retire its rapid-cycle technologies. AI — from cradle to grave — is redefining the lifecycles of deployment.

Nevertheless, AI at its foundations contains complex, data-driven solution sets that require data fuel, which is relevant, event-driven, secure, and critically free from defects. In simple terms, if the data fuel is dirty, irrelevant, and biased, the AI outputs feeding other AI inputs will create results that may initially excite project sponsors, yet create hidden risks, compliance failures, and legal liabilities. In the end, if the fuel that feeds AI solutions is tainted, the AI itself will yield misinformation that is cascaded across the enterprise, impacting customers and attracting unwanted regulatory attention.

Implicitly, and often hidden within the AI pilots and divergent vendor promises, is the assumption that the data for usage is generally stable, defect free, and readily available. As AI solutions increasingly become interconnected and trained on smaller, internal data sources, the margin of error often rises. Increasingly, AI discussions are concentrating on the intelligence layers within the AI solution sets, but the risk hidden within starts and ends with the unglamorous data itself.

Digital transformation was just the beginning

Designing clean data ingestion solutions and elements from the original systems-of-record is not simplistic nor is it as glamorous as designing new AI intelligence algorithms. For corporate leaders seeking to embrace AI’s innovative relevance, the idea that additional time, money, and skills need to be allocated to data after 15 years of digital transformations appears counterintuitive.

By discounting emerging data usage across what are familiar data transformation categories — that is, structured and unstructured — leaders and their IT operations are not recognizing the vast inputs used by AI solutions. Data auditability beyond structured and unstructured includes:

• • • semi-structured
    • metadata
    • dark data
    • archived and legacy sources
    • event and streaming data
    • transactional and reference sources
    • third-party, ethically sourced data (beyond data broker inputs); and
    • derived and AI-created (or cascading) data.

Given the constant change in the data, organizations rapidly adopting AI solutions need to de-risk and streamline training and inputs across vast domain-specific sources. Organizations need to objectively assess and continuously audit the data that is fueling their AI solutions, while simultaneously taking coordinated and comprehensive action to bridge the gaps between current and future data requirements. Where many organizations begin with the features, functionality, and form of their desired AI end-state, the project baselines need to start instead with system-of-record data origins and existing segmentations contained across departmental and divisional functional applications.

These data compartments represent pain points that are spread across traditional domain systems and encased within legacy infrastructures. As AI progresses, the data-driven gains will apply new pressures that are needed by and created from AI inputs and outputs. These pressures are at opposite ends of the data spectrum and will drive emerging, advanced requirements for data audits.

What Figure 1 puts into perspective are the critical drawbacks of non-cohesive AI implementations. If leaders embrace the operating and business model solutions that spearheaded the digital transformation efforts of the last decade, it is probable that fragmentation efforts — due to data quality and proliferation — will drive up costs, such as personnel, power, infrastructure, cloud, and more, while also raising the likelihood of inconsistencies and risks at alarming rates.

Integration of autonomous software layers

To address the emerging regulatory, audit, and legal requirements that are sandwiched between the pains and gains of data, enterprises will need to create and deliver against a framework of automated solutions. Each of these building block solutions, built upon a foundation of domain and cross-market data standards, requires tightly coupled stacks of solutions to provide multidimensional interoperability that will be necessary to meet the rapidly changing AI technologies that they power.

No longer can data auditability be a one-and-done periodic strategy that provides a point-in-time snapshot — it must be designed for automation and for the continuous iteration that’s needed for all forms of AI fuel. To understand the complexity and intracity of the data fuel for AI, a deeper dive is required and demanded by regulators, customers, and the very AI technology itself.

Moreover, Figure 2 represents the granular segmentation necessary to create not just the rigor of data auditability, but also the adaptability of event-driven data and architectures. To compare this against prior efforts of pre-AI data auditability — when corporate leaders used a host of specialists and solution containers to define, assess, and implement specialized solutions — illustrates how much more complex the situation has become.

Shifting of roles and responsibilities

These solution outcomes, while progressive and managed, led to data auditability deserts between one area and another. Moreover, traditional point-developed solutions that could address a unique data component — such as lifecycle, analytics, or governance — typically are under the control of discrete C-level leaders, each with their own goals, outcomes, and staff. An illustration of these is shown in Figure 3 (below) with ultimate alignment under the control of distinct C-level executives.

To guarantee that AI is defined, managed, measured, and optimized, the evolving organizational roles and responsibilities must surround shared auditability elements that are shown at the core of Figure 3, including strategy, cost-benefit analysis, change management, and ethical sourcing. By utilizing a holistic approach for data auditability, the negative risks for regulatory compliance, legal exposures, and software actions are minimized, thereby allowing tightly coupled solution sets that minimize outside oversight and governance.

The mainstreaming of AI in 2022 promised step change improvements, which in theory eliminate the need and expense for experienced personnel. Yet, as we now comprehend, AI is not flawless, it struggles with scalability and transparency, and it has yet to robustly address cascading impacts associated with upstream and downstream data interconnectivity.

Enterprises can glean several call-to-actions from the illustrations presented, but in summary these actions are grouped around:

• • • identifying cross-domain problem solutions that span roles, software, and data usage;
    • atomizing the value for each data management solution as part of an active stack of capabilities, each interconnected to the others’
    • focusing on re-use and automation to adapt (rather than adopt) to vast data sources and uses;
    • democratizing data across a federated cradle-to-grave data strategy and architecture;
    • developing deep data-as-a-product skills and designs that can ease the burden of data oversight and governance; and
    • accepting that AI is the next-gen usage for software development, and that it begins with shared data resources, approaches, and rapid-cycling.

In the end when AI fails or succeeds, the data that fuels AI will be the opaque cause-effect lynchpin that starts unintended consequences and delivers value-added capabilities. Without proactive formulation and oversight that utilizes the components highlighted, AI will fail to deliver against rising expectations.

You can find from this author here.

The absence of regulatory guidance paired with the create treacherous waters for even the most diligent of compliance officers. by Director of the SEC Division of Enforcement Gurbir Grewal about compliance expectations, particularly concerning individual liability of compliance personnel, should trigger concern for crypto market participants. Grewal emphasized that the SEC would bring actions against compliance personnel “where there was a wholesale failure by compliance personnel to carry out their compliance responsibilities.” This test depends critically on agreement or consensus regarding compliance responsibilities. With no federal legislation or substantive regulatory framework in place, unlike with the traditional financial services industry, the possibility increases that even good-faith efforts in crypto are deemed insufficient by regulators and perhaps characterized as “wholesale failures” warranting sanction, per Director Grewal’s public statements.

Areas of crypto risk

Crypto compliance officers do not have the luxury of waiting for clearer regulations to be promulgated. Instead, they must ensure even amid this uncertainty that their protocols satisfy a host of regulators who have murky and often differing expectations. Certain primary areas of focus, described below, are essential to reduce risk and inspire confidence about a program’s effectiveness.

Understanding blockchain technology

Companies involved in cryptocurrency and their executives must have individuals working on their compliance team who substantively understand blockchain technology, the underpinning of crypto-based activity. Compliance teams must be able to educate employees as to compliance expectations and educate regulators as to their crypto products and operations. Communicating effectively with both constituencies will ensure both a highly functioning and defensible compliance regime.

AML procedures

A core area that compliance strategy must focus on is implementing a satisfactory and robust anti-money laundering (AML) program. Crypto’s decentralized and pseudonymous nature is often viewed suspiciously by regulators as a conduit to hide illicit activity. Indeed, AML experts note that failure to comply with AML requirements is often a part of the against companies. Without proper safeguards against money laundering, and the potential for other financial crimes, crypto companies are vulnerable to regulatory scrutiny and exploitation by bad actors.

Crypto asset trading companies must augment traditional AML procedures to include crypto-specific tracking and analysis in their compliance regimens, including using blockchain intelligence tools to identify risky and/or terrorist-associated crypto-wallet addresses. Further, companies should remain conscious of being evaluated under the Bank Secrecy Act (BSA). For example, in October 2022, Bittrex was considered a money services business, ultimately being by the Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) — both agencies within the U.S. Treasury Department — for failure to comply with the BSA, AML laws, and other sanctions. Key to the penalties was Bittrex’s access to customer IP and physical address information collected from on-boarding new customers. The company knew numerous customers were located in sanctioned jurisdictions but did not screen customer information for associations with those jurisdictions.

BSA violations by crypto companies could also have criminal consequences. In May 2022, , one of the oldest and largest convertible virtual currency derivatives exchanges, was sentenced in the Southern District of New York to six months of home detention and a $10 million fine for violating the BSA by failing to establish, implement, and maintain an anti-money laundering program, including a program to verify the identity of BitMEX’s customers via a properly administered know your customer (KYC) program. The company also settled charges with the CFTC and FinCEN in 2021, paying $100 million for BSA and AML violations.

Retention policies

Retention policies are a relatively straight-forward proactive step that compliance officers can take to create goodwill with regulators. There are no express regulatory retention requirements for crypto companies, in sharp contrast to express obligations governing the traditional finance space. Nonetheless, regulators deem retention policies as a bellwether of a company’s compliance culture. As but one example, in the recent prosecution and conviction of , prosecutors pointed to an absence of a retention policy by FTX as indicia of wrongdoing. Such negative impressions are avoidable. Crypto trading companies should consider creating systems that, as applicable, can log:

• • • • trading data, including profit and loss figures;
      • employees trading assets or managing automated trading strategies; and
      • the quantity and types of assets traded.

Additionally, crypto-involved companies should consider retention for some years of all company account communications, including not only standard communication methods like email, instant messaging systems, and less traditional communication modes common in the crypto space.

Third-party due diligence

Crypto-involved companies should be exacting in implementing risk-based approaches when engaging with third-party providers. Regulators have been clear in the traditional finance world that companies are accountable not only for their own compliance obligations, but those of third-party vendors upon which they rely. In fact, the by the U.S. Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency, advised that, “[t]he scope and degree of due diligence should be commensurate with the level of risk and complexity of the third-party relationship. More comprehensive due diligence is particularly important when a third party supports higher-risk activities, including critical activities.”

This regulatory focus will be magnified in the crypto space. The government views the crypto industry as fundamentally high risk, based often in part on thin understandings of a crypto ecosystem and its novelty. This means that diligence requirements for third parties are very likely to be an expected area of regulatory scrutiny. Marketing and development efforts involving third parties — often leveraging less disciplined mediums like social media, podcasts, and collaborative workshops — create room for misunderstandings and potential problems. Accordingly, as part of a third-party risk assessment program, crypto companies should conduct due diligence on third parties prior to engaging them.

Audits

Successful and sustainable compliance programs can utilize internal and external audits to get ahead of any issues and demonstrate program’s effectiveness. When done with a regular cadence, audits pressure test compliance programs and provide regulators comfort as to a company’s compliance culture. Given the challenges that many regulators face in understanding the technologies at work and identifying a legal theory of culpability, certain regulators have pointed to weak cultures of compliance with crypto companies as a means for pressing investigations forward.

Privacy and data security concerns

Operating in a digital environment, the risk of data leaks, cyber-hacks, phishing schemes, and bad actors remains ever present; and because crypto is a booming new industry, scammers have targeted it heavily.

Since crypto uses blockchain technology for verification and does not run through financial institutions, it is also harder to recover the proceeds of theft and its impact. Compliance officers must create tailored provisions that safeguard internal company data, data from partners and consumers, and company and customer assets.

Conclusion

The crypto enforcement landscape continues evolving rapidly but without any sign of greater statutory or regulatory guidance in the immediate future. In December, the seeking new rules specifically targeting the digital asset sector. The SEC said it would not propose either new rules or long-requested clarification of its expectations because the SEC contends fundamentally that current securities regulations provide crypto companies with sufficient notice of their obligations. This is a premise with which few, if any, sophisticated crypto professionals agree.

There is no indication that enforcement efforts will slow — if anything, greater enforcement reach is likely, if not certain. Therefore, it is incumbent upon compliance departments and their officers to be proactive in crafting best-in-class compliance programs to continue protecting not only the company and its customers, but also to insulate themselves from enforcement inquiries and potential liability.

Raja Chatterjee contributed to this article. He is a former prosecutor and served as in-house counsel with responsibility for legal, risk, and compliance functions.

From there, Schwerdtfeger spoke on technologies of the future, from blockchain to Web 3.0, from solar batteries to the metaverse. Just about every industry is changing in some radical way, he explained, and legal is no exception.

However, there was one crucial detail that he may have forgotten: Schwerdtfeger was speaking to a room filled with veterans of the legal industry. The legal industry is built on precedent mixed with a healthy dose of risk aversion, after all, and the industry has received a well-earned reputation over the years of never even trying to explore use cases for next-generation technologies. So, of course, it’s reasonable to believe that the legal industry would be dragged kicking and screaming into the third generation of web technologies like the metaverse and blockchain, rather than trying to capitalize on those opportunities.

Some innovators in legal have envisioned blockchain as a way to explore more business-oriented applications of distributed ledger technology.

Along the way, however, a funny thing has happened. In recent years: Law firms and corporate law departments alike have gotten more intelligent about both being a part of the conversation surrounding these technologies’ development, and exploring novel ways to separate themselves from their peers. In doing so, many within the legal industry have started to take a proactive stance on innovations like blockchain and metaverse, with not only technologists but leading attorneys themselves jumping on board. Here’s what the ILTA conference revealed about how today’s legal industry is taking a practical approach to next-gen technology.

Blockchain by blockchain

Blockchain has received a lot of attention for being the underlying technology behind digital assets such as cryptocurrency and non-fungible tokens (NFTs). Some innovators in legal have envisioned blockchain as a way to explore more business-oriented applications of distributed ledger technology.

Law firm Hogan Lovells, for instance, sees blockchain technology as an opportunity to reform its real estate processes. The firm has developed DriveChain, a collaboration between the firm, banking company BNP Paribas and blockchain technology provider Integra Ledger, to automate parts of the real estate process. DriveChain looks to eliminate manual data entry or multiple layers of approvals by automatically coding deal details such as parties, sale price or amount for rent, and more into the document, which generates a unique deal ID. The data is then given a unique code called a hash, through which all parties are notified if any details of the deal are changed, with an automatically generated ledger of all changes and approvals for the document living on the blockchain.

“What we are doing with blockchain is validat[ing] that the document they received, that the metadata within the document, is still validated,” said Bob Shaeffer, senior manager of architecture and integrations at Hogan Lovells, during a panel on the use of blockchain in professional services firms.

Shaeffer was quick to add that DriveChain is not a piece of blockchain technology itself, but rather the name for the new real estate-centric workflow. Blockchain technology simply functions as a piece of the overall puzzle, and only the hash and the unique ID for the data actually sit within the blockchain architecture. This way, the firm still holds crucial deal details inside its own walls for the protection of clients, but still utilizes the new technology to cut time out of the process for approvals.

“The primary focus on DriveChain is not the blockchain, but the blockchain is an integral part of what we’re doing,” Shaeffer explained.

It’s this type of practical application that more and more firms are exploring on the blockchain, added Joseph Raczynski, a technologist and futurist with ¶¶ŇőłÉÄę and author of the website JoeTechnologist.com. At a separate ILTACON session, Raczynski explored a number of business use cases for blockchain technology, from “smart” contracts that are automatically executed once specifically coded parameters are hit, to decentralized finance (DeFi) marketplaces that are increasingly becoming a hub for business transactions. He even pointed to one firm, Rose Law Group, that executed a legal wedding online, with both a prenuptial agreement and a marriage license coded as a legally binding NFT.

“They moved down the road of taking documents that are unique and making them an NFT, which is what we’re going to see in the not too distant future,” Raczynski explained.

Into the Metaverse

However, it’s not just business applications that have those in the legal industry excited about future technologies. Some see tech innovations, such as the metaverse and blockchain, as the platforms around which daily life will soon be centered – and thus, around which legal practices will also be centered.

Alejandro Vallellanes, knowledge services manager at law firm Baker McKenzie, has seen a lot of confusion about what the metaverse actually is, leading some to discount it entirely. Vallellanes, who spoke on a panel about the use of the metaverse in legal, said not to think of the metaverse as a place, but instead as a concept, a moment in time where things are beginning to change. “It’s a tipping point where our digital self is more valuable than our physical life,” he explained.

Attorneys are now beginning to sort through the natural issues – who owns digital assets; what rights do human representations have in a digital world; does attorney-client privilege carry over; who owns digital likenesses; how to preserve, collect and analyze metaverse data; and more.

That tipping point may already be approaching. Indeed, between explosive cryptocurrency holdings, the value of social media advertising and an increasing emphasis on digital holdings like NFTs or virtual real estate, that point already may be here. “For some people, that asset class is more valuable than their physical assets,” Vallellanes added. “When that happens across the board, we can already consider ourselves living in some sort of metaverse.”

For legal and professional services organizations, then, the metaverse is quickly becoming not the realm of first movers, but simply where clients hold their own valuable assets. Cat Casey, chief growth officer at legal technology company Reveal, who spoke on the same metaverse panel, likens the current shift to the advent of the Internet and email – a curiosity at first, but one that quickly transformed into a daily necessity. “After a while, it became so ubiquitous that you couldn’t opt out,” she said.

Naturally, there is skepticism about whether the metaverse could truly become that pervasive. Are people really going to be holding all of their assets online? Yet, almost half (48%) of consumer respondents said they would be very interested or somewhat interested in shopping within the metaverse within the next five years, according to a McKinsey & Co. survey from February. More than 40% of respondents said they would be interested in using the metaverse to attend a telehealth appointment, attend a live learning course or even meet with friends and family, the survey showed.

Plus, where people are, money follows. Jerry Bui, a managing director at FTI Consulting who spoke on the metaverse panel as well, notes that Goldman Sachs has estimated the metaverse’s ultimate market size to be somewhere between a $2 trillion and $12 trillion opportunity. Even now, Bui added, virtual gaming has become a $200 billion business, dwarfing many other forms of media. “If you don’t think there’s momentum towards that end, just look at the money that’s flowing into this space,” Bui explained.

With any big business opportunity, legal problems will follow, and the panelists noted many attorneys are now beginning to sort through the natural issues – who owns digital assets; what rights do human representations have in a digital world; does attorney-client privilege carry over; who owns digital likenesses; how to preserve, collect and analyze metaverse data; and more.

However, for attorneys and their organizations, these open questions present a golden opportunity to drive the technology’s development with an eye toward risk management and proper legal reasoning, Bui said.

Indeed, the two events in which I participated each offered a key, primary themes — deep security educational content offered to those in the legal technology realm for LegalSEC; and product awareness for current and prospective iManage customers at ConnectLive — as well as the usual parties and ubiquitous panels for all attendees.

However, over and above the expected content, these events featured a unique set of activities designed to motivate professionals to get out of their basements and living rooms and back in an environment that can better foster collaborative learning and skills expansion, such as workshops, focus groups, TED talks, networking sessions, and more. In short, it seem, at least to the organizers and many attendees, that it was time to get back to serious work.

Here are some highlights of some of the innovative tactics used to enhance the learning experience and engagement level at each conference.

LegalSEC Summit

SAN ANTONIO — Workshops were a key element of the LegalSEC Summit, with one full day of the conference dedicated almost solely to workshop content.

For example, one morning session, Using Your Work Behavior DISC profile to be More Influential and a Better Team Member asked participants to complete a behavioral self-assessment tool prior to the conference, with discussion of the results occurring at the workshop. The goal was to establish a performance development framework to help attendees understand their leadership styles and improve their workplace teamwork.

To summarize briefly, the DISC process was as follows: Prior to the conference, attendees self-identified, via the response to scores of questions, a ranking score in four areas: Dominance, Influence, Steadiness, and Compliance. This helped participants understand their “work styles” via comparisons like these below:

• • • Assertive vs. Reflective
    • Optimistic vs. Realistic
    • Predictable vs. Driving
    • Complaint vs. Pioneering

During the workshop, discussions and exercises provided guidance to help participants understand both their greatest strengths and developmental opportunities — crucial topics that are unfortunately rarely addressed in the day-to-day work lives of deep technical professionals.

In the afternoon, focus shifted back to core security content through a group play of Backdoors & Breaches, an incident response card game, from Black Hills Information Security and Active Countermeasures. The main goal of the game is to help security professionals conduct incident response tabletop exercises and learn attack tactics, tools, and methods in an interactive manner. Essentially, attacks within the game are triggered by an Incident Master, a combination of dice rolls and procedure cards occur, and there is an ability to use what are called Inject cards to add chaos into the game and facilitate further conversation. Ultimately, there are determinations made about actions taken by a Defender. Throughout the process, the game serves as a teaching tool about the different tactics and defensive actions one takes within the cybersecurity function.

The event’s keynote speaker, Kenya Parrish-Dixon, the General Counsel and the Chief Operating Officer for Empire Technologies Risk Management Group and an expert in information governance, cybersecurity, and e-Discovery addressed stepping into a leadership position when an organization is in chaos. In her speech, From Chaos, Opportunity, Parrish-Dixon reminded attendees about the value of continuous learning and how a combination of divergent assessments can help identify issues and reduce chaos. “The opportunities that presented themselves to me often came when organizations didn’t have the internal expertise to resolve problems,” she said. “Stepping into that chaos has led me to greater heights in my career and will lead you to better opportunities as well.  Don’t shy away from problems — be the leader that the moment needs.”

All in all, the LegalSEC Summit’s focus on soft skill development and security issues in a game theory approach within the context of multilateral workshops gave the event a unique flavor, and I believe enriched the overall experience for attendees.

ConnectLive

CHICAGO — ConnectLive 2022 is iManage’s networking and information update event for its customers, partners, product experts, and users. As such, it exists most as an opportunity to convey the product roadmap, hold discussions on company strategy, and, importantly, facilitate the collection of feedback from clients on product issues or requests.

Yet, it was within the realm of client feedback that ConnectLive used many tactics to solicit information in new ways that proved most interesting and offered useful strategy suggestions to attendees. Focus groups and opportunities to pose questions to panelists in small groups or one-on-one formats were used with the idea that by creating a variety of input types, the quality of the feedback received would be enhanced.

Sharing data with participants was also done in different ways. In addition to the traditional panels and roundtables, other formats such as TED-style talks were leveraged to pass knowledge along in formats more consistent with how we all receive information today, specifically in shorter bursts of concise, denser messages.

On a personal level, I enjoyed the sessions outlining the iManage development roadmap, and was able to participate as a panelist speaking to building a business case for moving to the cloud. Some of the compelling reasons for such migrations include a desire to outsource certain elements of technical support to experts, improved security, and move to a fixed monthly expense.

Summing up

It was illuminating to see how both ILTA and iManage executed their vision of delivering content, albeit in different ways, to enhance the conference experience and make the most of the less frequent face-to-face time many legal professionals have together. Organizers went to great lengths to expand the manner in which conference participants received content and interacted with the various presenters, making each event a more interactive and useful session than the more traditional conference experience.

It would be heartening to see this model followed going forward as more in-person events make their way back to the forefront.

In a session titled, Approaching the Verge: Opportunity and Reward in Web 3.0 Technologies, panelist Amy ter Haar, legal counsel at Global University System and board member of Ocean Falls Blockchain Group, began by exploring the positives of the metaverse, noting that the metaverse is not just one technology, but rather “the ability to interface with technology in a whole new way.”

In a typical transaction, for example, there is one party (often an intermediary, such as a bank) in charge of recordkeeping and information. But when parties in the metaverse enter into a transaction using the blockchain, both parties can access and change information as needed, with a secure record of those changes verified by all parties. In that way, ter Haar said, the metaverse is “disempowering intermediaries and gatekeepers and empowering people.”

Still, the metaverse can be tough to define for those not engaged in the space, she added. “If you engage in the exercise of replacing the word metaverse in a sentence with the word cyberspace, you’ll find that 90% of the time the meaning doesn’t change.”

To better envision how the metaverse paradigm can change interactions, panelist Matthew Rappard, chief technology officer at security company Vaultie, said to think of how most people interact with the internet on a daily basis. Generally, he said, “there is this loss of the concept of privacy.” Every person has equipment to record video, apps that track location, easier access to secure information like bank accounts, and more. On the other end, the metaverse can provide users with another path via the ability to present as a different self. Video content creators called Vtubers present as online avatars that are wholly disassociated, where viewers never see their actual identities.

“You’re ending with this kind of switchover where in the public world you’re seeing less privacy, but in the digital world you’re seeing something different,” Rappard explained, adding that the switch comes with a virtual world that provides more control. “When we’re talking about the metaverse, it’s the ability to control your identity and how that identity interacts with smart contracts.”

Where the Metaverse and law intersect

When legal disputes arise, however, the metaverse’s nascent nature and increased focus on privacy can be a hindrance as much as a boon. While panelist Yinka Oyelowo, principal lawyer at Toronto-based Yinka Law, believes that the metaverse and associated blockchain technology “simplifies a lot of the processes that we see in real estate,” for instance, she acknowledged that resolving metaverse-related disputes remains “very hypothetical.”

Consider the case of trust and estate issues: Who would take ownership of a piece of metaverse property if the original owner passes away? While smart contracts encoded within the blockchain are very good at executing the specific terms of a contract, they may also need to take into account how a transfer of property would be executed and the rules in any jurisdiction that may apply.

“It’s quite complex, because the jurisdictional requirements for British Columbia are going to be completely different from the requirements in New Hampshire in the US,” Oyelowo noted. Law firms helping with this type of dispute would need lawyers that not only vet jurisdictional issues, but also understand the technology and are versed in the laws around trusts and estates.

Further, a regular issue when it comes to physical real estate is airspace: Who owns the three-dimensional area above or below a piece of property? However, real estate in the metaverse does not function in the same way, and determining airspace rights becomes difficult. Assumptions about the physical world “aren’t easily transferred over to the metaverse. It takes quite some time to understand the issues,” Oyelowo said, adding, however, that also means opportunity. “There’s a lot of fertile legal ground for those involved in trusts and estates, for commercial real estate.”

Indeed, all panelists pointed to the opportunity for legal professionals to provide clarity to emerging metaverse risks. The Digital ID & Authentication Council of Canada (DIACC) has been investigating ways to authenticate online identities while still maintaining confidentiality and privacy, Rappard noted. Oyelowo also pointed to startups that have been linking face IDs with cryptocurrency wallets, where a wallet holding crypto funds is opened through dual-factor authentication that includes both the facial scan and a unique code.

But even as these opportunities emerge, those in the legal world still need to look out for risks — and make sure they abide by ethical guidelines. Even those Vtubers who don’t show their offline identity present a legal and ethical challenge, Oyelowo said. “While most potential clients will be forthcoming with their identity while engaging in the metaverse setting, some clients… may prefer anonymity.” But in a province such as Ontario, this can be a problem: Before giving advice, attorneys are ethically bound to verify the client’s identity. And especially if the two parties are only conversing in a virtual world, clients may physically be in a jurisdiction with different or less stringent ethical boundaries.

That means that although the virtual world is emerging, physical considerations are still necessary. Therefore, attorneys should take care to “obtain identity documents that you are satisfied are valid” from the person behind the avatar, not just the metaverse avatar itself, Oyelowo explained.

Ultimately, the experts agreed that the metaverse will continue to evolve, with new opportunities and potential pitfalls both emerging in the coming weeks and months. Regardless of how it develops, what remains certain is that the metaverse will be an engaging space to watch going forward.

However, there was one crucial detail he may have forgotten: Schwerdtfeger was speaking to a room filled with veterans of the legal industry, which of course, is built on precedent, mixed with a healthy dose of risk aversion. Indeed, an industry that has earned a reputation over the years of never even trying to explore use cases for next-generation technologies.

Recently, however, a funny thing happened: Law firms and corporate law departments alike have gotten more intelligent about both being a part of the conversation surrounding these technologies’ development, and exploring novel ways to separate themselves from their peers. In doing so, as ILTACON revealed, many within the legal industry have started to take a proactive stance on innovations like the blockchain and the metaverse, with not just technologists but leading attorneys themselves jumping on board.

Blockchain by blockchain

Blockchain has received a lot of attention for being the underlying technology behind digital assets such as cryptocurrency and non-fungible tokens (NFTs). Some innovators in legal envision blockchain being used to explore more business-oriented applications of distributed ledger technology.

Law firm Hogan Lovells, for example, sees blockchain technology as an opportunity to reform its real estate processes. The firm has developed DriveChain, a collaboration between the firm, banking company BNP Paribas, and blockchain technology provider Integra Ledger, to automate parts of the real estate process. DriveChain looks to eliminate manual data entry or multiple layers of approvals by automatically coding deal details such as parties, sale price or amount for rent, and more, into the document. That generates a unique deal ID, which is put on the blockchain. The data is then given a unique code called a hash, through which all parties are notified if any details of the deal are changed.

“What we are doing with blockchain is validat[ing] that the document they received, that the metadata within the document, is still validated,” says Bob Shaeffer, senior manager of architecture and integrations at Hogan Lovells, during a panel on the use of blockchain in professional services firms.

Shaeffer is quick to add that DriveChain is not a piece of blockchain technology itself, but rather the name for the new real estate-centric workflow. Blockchain technology simply functions as a piece of the overall puzzle, and only the hash and the unique ID for the data actually sit within the blockchain architecture. This way, the firm still holds crucial deal details inside its own walls for the protection of clients, but it still utilizes the new technology to cut time out of the process for approvals.

It’s this type of practical application that more and more firms are exploring on the blockchain, adds , a technologist and futurist with ¶¶ŇőłÉÄę, from “smart” contracts that are automatically executed once specifically-coded parameters are hit, to decentralized finance (DeFi) marketplaces that are increasingly becoming a hub for business transactions. Raczynski even pointed to one firm, Rose Law Group, that executed a legal wedding online, with both a pre-nuptial agreement and a marriage license coded as a legally-binding NFT.

“They moved down the road of taking documents that are unique and making them an NFT, which is what we’re going to see in the not too distant future,” Raczynski explains.

Into the metaverse

It’s not just business applications that have those in the legal industry excited about future technologies, however. For legal and professional services organizations, the metaverse is quickly becoming not the realm of first movers, but simply where clients hold their value.

Alejandro Vallellanes, knowledge services manager at law firm Baker McKenzie, says that between explosive cryptocurrency holdings, the value of social media advertising, and an increasing emphasis on digital holdings like NFTs or virtual real estate, “for some people, that asset class is more valuable than their physical assets.” Vallellanes, who spoke on a panel about the use of the metaverse in legal, adds that “when that happens across the board, we can already consider ourselves living in some sort of metaverse.”

Naturally, there is skepticism about whether the metaverse could truly become that pervasive.

Yet, almost half (48%) of consumer respondents said they would be very interested or somewhat interested in shopping within the metaverse within the next five years, according to a McKinsey & Co. survey from February 2022. More than 40% of respondents indicated they would be interested in using the metaverse to attend a telehealth appointment, attend a live learning course, or even meet with friends and family.

And where people are, money follows. Jerry Bui, a managing director at FTI Consulting who spoke on the same panel, notes that Goldman Sachs has estimated the metaverse’s ultimate market size to be somewhere between a $2 trillion to 12 trillion opportunity. Even now, Bui says, virtual gaming has become a $200 billion business, dwarfing many other forms of media and sports. “If you don’t think there’s momentum towards that end, just look at the money that’s flowing into this space,” Bui explains.

Welcome to LawFirmDAO, a hypothetical but now feasible entity created within a decentralized autonomous organization (DAO).

Mind you, I know of no one who has written or talked about this, but this LawFirmDAO concept is something that could be the future of law firm structure. The reason? The lack of transparency within some law firms on occasion has been their undoing. Howrey and LeClairRyan both were victims of a few partners making decisions sometimes in a vacuum, without a wider participation of the firm’s attorneys; this ended up costing the firms dearly.

For some perspective, let’s unpack the essence of what a DAO means. DAOs are essentially entities built on code, leveraging smart contracts and tokens that permit token holders (attorneys) to vote on decisions the organization (the law firm) is considering. Fundamentally, a DAO is a blockchain structure – think of it as a safe database – that anyone can leverage to self-govern through participation. The entity is authored by rules that are baked into the code, permitting voting through digital tokens, sort of like cryptocurrency – all while leveraging smart contracts.

So, what does this mean? A DAO is a newer governance structure that humans (for now) are creating, which has a stated purpose and a plan to execute decisions via code. Let’s explore how this would work for LawFirmDAO.

Decision-making and profit-taking in LawFirmDAO

As a component of Web3, the next generation of asset tokenization, DAOs create a structure of governance. (Currently, most of the successful DAOs are built on the Ethereum blockchain.) Participants are essential to this structure, and they are directly linked to that organization in a verifiable and provable way.

This is accomplished via a digital wallet, linked to a blockchain that contains your assets, money, non-fungible tokens (NFTs), deeds and your DAO tokens – the latter proving you are a part of that organization. Think of it as your digital identity card to partake in the governance of the DAO. Each attorney would have a wallet with the LawFirmDAO tokens inside permitting them to connect to the DAO, create proposals and vote. The intent is to move away from a top-down model, and inherently a DAO structure enables this.

A well-written DAO drives community, fostering the creation of guilds within it to create new opportunities; the DAO then rewards people based on their individual participation.

In this vision of LawFirmDAO, a founder, for the purpose of creation, sets forth a plan to create the firm with all the typical rules of governance, but in full transparency and outlined in code, which is stored on a blockchain. After its creation, the founder withdraws as the leader to be an equal partner with all other participants, i.e., attorneys. The DAO is created, and tokens (shares) are issued. Prospective attorneys coming on board interact with the code via a friendly app or website, connecting in a digital wallet.

Compensation and work matters could be doled out simply as well. For example, attorneys could choose Option A and be rewarded for every client they bring in at 80% of those fees; or Option B and they are rewarded 10% of client fees because they did not bring in the client but worked the matter. In this way, attorneys could shift from one type of work matter to another by choice, simply by reassigning themselves and the code verifying it’s acceptable. Virtually every nuance of a firm governance structure could be pushed into this paradigm via code, verifiable via the blockchain.

Profits for the equity partners would be calculated by fees and automatically generated with their direct success via smart contracts. Rewarding structures are innumerable. Proposals from anyone in the LawFirmDAO would be offered via an online voting mechanism, verifying the person by their token in the DAO, and allowing them to put something to a vote – such as the creation of a new practice area in the next week, opening an office in Lagos or voting to change the profit structure. In this way, a DAO offers full transparency, equity, innovation, incentives, all of which are auditable and viewable in code. No one group or individual is dictating the direction, rather it is a verifiable way to be inclusive and egalitarian in its authorship and action – again, all via code.

An additional advantage to a DAO is the incentivized benefits aligned to the structure created within it. A well-written DAO drives community, fostering the creation of guilds within it to create new opportunities; the DAO then rewards people based on their individual participation. While a guild harkens back to the age of people forming groups of like-minded and skilled individuals, attorneys can do the same inside their LawFirmDAO. As a flat organization, everyone can propose ideas for vote, and if selected, chosen for action.

Legal DAO generator

Separate from this new partnership model created with a DAO, we will likely see DAOs created by law firms for their clients, which would allow for a coupling of current legal tech tools and blockchain. Issuance of a DAO could be done through an application like a contract automation tool; and for any company that wanted to create a DAO, the law firm would populate all applicable parameters – the name of the company and the token, number of tokens available, etc. – and then the firm could create the DAO, and, if necessary, file the business license with the appropriate state. (At the moment, only Wyoming has created laws around DAOs.)

Once this DAO has been created, another connected piece would be the voting mechanism. In this world, DAO participants would leverage their Web3 wallet to connect into the proposal and voting site. Once on the site, members would be able to vote on current ideas or propose actionable matters themselves. Each of these actions is stored on a blockchain that is inherently provable and verifiable.

The LawFirmDAO could be the future direction of equitable, democratic, transparent law firms that all parties can buy into through a Web3 DAO token. The fostering of community and innovation that this structure will birth could be transformative.