Compliance Challenges and Risks Facing Web3 Project Structural Design

In the past decade, the structural design of Web3 projects has primarily been risk-averse. These designs include overseas funds, foundations, DAO governance, and multi-location registrations, which not only meet the needs for governance optimization and efficiency but also serve as strategies to cope with regulatory uncertainties, creating a gray area for project parties that allows for both entry and exit.

However, in recent years, this strategic structural design has been failing. Major global regulators have begun to shift their focus from superficial appearances to in-depth examination of actual control. New regulatory rules place greater emphasis on the actual operational methods of projects, the identity of the leaders, and the flow of funds, rather than merely focusing on registration forms.

This article will analyze two common high-risk structures: the superficially neutral but actually dominant foundation structure and the nominally existing DAO governance.

"Surface Neutrality, Actual Dominance" Foundation Structure

Many project parties have previously adopted a "foundation-led" model to evade regulatory responsibilities. These foundations are usually registered in places like the Cayman Islands, Singapore, or Switzerland, ostensibly operating independently, but in reality, they are still controlled by the project's founding team regarding code, funds, and governance processes.

With the regulatory shift towards the "substantive control" principle, such structures have become the focus of scrutiny. If regulators determine that the foundation lacks substantive independence, project founders may be considered the actual issuers or operators of the tokens, thereby facing the constraints of securities laws or regulations related to illegal fundraising.

For example, Synthetix proactively liquidated its Singapore-registered foundation at the beginning of 2023, returning the governance structure to the DAO and establishing a dedicated entity to manage core functions to address potential regulatory risks.

Another typical case is Terra (LUNA). Although Terraform Labs claimed that Luna Foundation Guard (LFG) independently managed reserve assets, in reality, LFG was fully controlled by the Do Kwon team. In the SEC's allegations in the United States, LFG failed to provide effective legal separation, and Do Kwon remains liable as the actual issuer.

The Monetary Authority of Singapore has clearly stated in the DTSP framework that it does not accept "absentee" foundation structures. Only foundations that have actual operational capabilities and independent governance mechanisms may serve as effective legal isolation tools. Therefore, foundations are not a liability shield; if the project party retains core authority, the foundation will be considered a tool that conceals actual control rather than a liability isolation mechanism.

The "Shellization" of DAO Governance

Decentralized governance should be a key mechanism for Web3 projects to break traditional single-point control and achieve the decentralization of authority and responsibility. However, in practice, many DAO governance structures have become severely "hollowed out". Common issues include proposals being initiated solely by the project team, voting being controlled by internal wallets, and pass rates approaching 100%, reducing community voting to a mere formality.

This governance model of "decentralized appearance + centralized essence" is becoming a focal point for regulatory agencies. Once a project faces legal accountability, if the DAO cannot prove its substantive governance capabilities and transparent processes, regulators may directly view the project party as the actual controller, rather than an exempted "product of community consensus."

In 2022, in the case of the CFTC suing Ooki DAO, it was the first time a lawsuit was initiated against the DAO itself, clearly stating that the DAO "is not exempt from liability due to its technical structure." Although the project party has transferred operational authority to the DAO governance contract, the main proposals are predominantly initiated and driven by the former operational team, and the voting mechanism is highly centralized. Ultimately, the CFTC listed the former team members alongside Ooki DAO as defendants, deeming it an "illegal derivatives trading platform."

This case indicates that a DAO cannot automatically assume liability isolation functions. Only when the governance structure possesses genuine distributed decision-making capabilities can regulation potentially acknowledge its independence.

Both the SEC and CFTC in the United States have indicated that they will focus on the "substance of governance" and "concentration of interests" of DAOs, and will no longer accept shell governance claims that rely solely on "on-chain voting contracts." Therefore, DAOs are not a liability shield. If the governance process cannot operate independently and actual power remains concentrated in the hands of the original team, "decentralization" will not constitute a transfer of liability in a legal sense.

Conclusion

The compliance challenges of Web3 projects are not only about whether a specific structure has been established, but also about whether these structures are genuinely operational and whether responsibilities and rights are clearly defined. The two organizational forms often regarded as "compliance protection layers," foundations and DAOs, may in fact become entry points for risk exposure in the eyes of regulators.

Project parties need to recognize that superficial evasion measures may be seen by regulatory agencies as evidence of intentional evasion. A truly resilient governance structure should achieve power transparency and multi-party checks and balances from rule design, voting mechanisms to actual implementation.