Staking-as-a-Service (SaaS) is a broker-dealer. The SEC's Howey Test analysis focuses on the economic reality of the service, not its technical label. When a provider like Coinbase or Kraken pools user assets, markets a yield, and executes validation, it performs the classic functions of an intermediary.
Why Staking-as-a-Service Invites Broker-Dealer Regulation
An analysis of how centralized staking providers like Coinbase and Lido replicate traditional financial intermediary functions, creating a clear path for SEC enforcement under existing broker-dealer frameworks.
Introduction
Staking-as-a-Service is a functional broker-dealer, inviting direct SEC enforcement.
The legal risk is structural, not incidental. This differs from pure software providers like Lido or Rocket Pool, where the protocol's smart contracts are the principal actor. SaaS centralizes control, creating a clear counterparty for regulators to target, as seen in the SEC's 2023 action against Kraken.
Evidence: The SEC's settlement with Kraken forced a shutdown of its U.S. staking program and imposed a $30 million penalty, establishing a direct precedent that SaaS offerings are investment contracts requiring registration.
The Regulatory Convergence: Three Inescapable Trends
Staking-as-a-Service is not a neutral utility; it is a financial service that increasingly fits the profile of a regulated broker-dealer.
The Investment Contract Test: Howey's Long Shadow
Regulators view pooled staking as a common enterprise where profits are derived from the efforts of a third party. The SEC's actions against Kraken and Coinbase establish a clear precedent.
- Key Risk: Offering a yield on a pooled asset is a textbook security.
- Key Precedent: The SEC's 2023 settlement with Kraken explicitly targeted its staking program.
The Custody & Control Dilemma
Most SaaS providers retain sole custody of validator keys and exercise complete control over funds. This mirrors the function of a traditional broker-dealer holding customer assets.
- Key Risk: Centralized control triggers custody rules under the Securities Exchange Act.
- Key Consequence: Providers become liable for safeguarding assets, requiring stringent compliance and capital reserves.
The Marketing of Yield as a Product
Promoting "yield" or "rewards" transforms a technical service into a financial product offering. This marketing language is a direct signal to regulators like the SEC and FINRA.
- Key Risk: Advertising predictable returns is the hallmark of a securities offering.
- Key Mitigation: Protocols like Lido and Rocket Pool shift narrative to decentralized, non-custodial participation.
The Core Argument: SaaS is a Broker-Dealer Function
Staking-as-a-Service providers perform the exact economic functions that trigger broker-dealer registration under the Howey Test and the Securities Exchange Act.
SaaS providers are intermediaries that solicit customer assets, pool them for investment, and derive profits from transaction-based fees. This mirrors the core activities of a traditional broker-dealer, which the SEC defines as any person engaged in the business of effecting securities transactions for others.
The staking reward is a security. The SEC's enforcement actions against Kraken and Coinbase establish that staking programs are investment contracts. The SaaS provider's role in generating that yield is the regulated activity, not the underlying token.
Custody and control are decisive factors. Unlike solo staking via Lido or Rocket Pool, a centralized SaaS provider retains sole discretion over validator keys and slashing decisions. This level of discretionary asset management is a hallmark of broker-dealer conduct.
Evidence: The SEC's 2023 settlement with Kraken forced the shutdown of its U.S. staking service, with Chair Gensler stating it offered 'an investment contract to invest in [a] program.' This is the precedent.
The Intermediary Playbook: A Comparative Analysis
How key operational models of Staking-as-a-Service (SaaS) providers map to traditional broker-dealer functions, creating regulatory exposure under the Howey Test and SEC's 'economic reality' doctrine.
| Regulatory Trigger / Feature | Non-Custodial SaaS (e.g., Lido, Rocket Pool) | Custodial SaaS (e.g., Coinbase, Kraken) | Solo Staking (User-Operated Validator) |
|---|---|---|---|
| Customer Asset Custody | | | |
| Fee Collection & Profit Distribution | 10-15% of rewards | 15-25% commission | 0% (self-custody) |
| Marketing as an 'Investment' | Implied via token rewards (e.g., stETH) | Explicit (advertised APY) | N/A (infrastructure operation) |
| Centralized Managerial Effort | DAO-governed protocol | Corporate entity manages nodes, slashing | User manages node, keys, uptime |
| Derivative Token Issuance (e.g., stETH, rETH) | | | |
| SEC Enforcement Action Precedent | Wells Notice (Lido, Rocket Pool) | Settled ($30M fine, Kraken) | |
| Primary Regulatory Risk | Security status of liquid staking token | Unregistered securities offering & broker-dealer | Minimal (treated as infrastructure) |
| User's Expectation of Profit | From protocol rewards + token appreciation | From advertised staking rewards | From network inflation rewards |
The Slippery Slope: From Lido to Liquid Staking Tokens
Staking-as-a-Service protocols are structurally identical to broker-dealers, inviting direct SEC enforcement.
Lido and Rocket Pool are not just software. They are financial intermediaries that pool user assets, execute trades (staking), and issue derivative receipts (stETH, rETH). This is the exact operational definition of a broker-dealer under the Securities Exchange Act of 1934.
The SEC's Howey Test is secondary. The primary legal attack vector is the Exchange Act, which governs entities that 'effect transactions in securities for the account of others.' By accepting ETH and issuing a token representing a claim on staked ETH, these protocols are effecting securities transactions.
Counter-intuitively, decentralization is irrelevant. The SEC regulates the function, not the label. Uniswap's protocol is a tool; Lido's staking pool is a service. The service provider, whether a DAO or a foundation, is the regulated entity. The Lido DAO's fee structure and governance are a textbook case of a profit-seeking enterprise.
Evidence: The 2023 Kraken Settlement. The SEC charged Kraken's staking service as an unregistered securities offering. The agency's logic applies directly to liquid staking tokens (LSTs), which are programmatic, on-chain versions of the same service. Lido's 32% Ethereum staking share presents a systemic risk the SEC will not ignore.
The Bear Case: Catalysts for Enforcement
The SEC's core thesis is that staking services offered to US persons are unregistered securities offerings. These are the specific mechanics that make the case.
The Howey Test: Investment of Money in a Common Enterprise
Staking-as-a-Service (SaaS) providers pool user assets to run validators, creating a textbook "common enterprise." The SEC argues users expect profits solely from the managerial efforts of the provider, not their own technical work.
- Pooled Capital: User ETH is aggregated into a single validator, indistinguishable from a fund.
- Passive Income: The user's role is purely financial; the provider handles all node operations, slashing risk, and software updates.
- Marketing as Yield: Services are advertised based on APY, framing it as a return on investment, not a network service fee.
The Broker-Dealer Nexus: Facilitating Transactions for Reward
By accepting customer assets and distributing staking rewards, SaaS providers act as intermediaries in a securities transaction chain. This triggers broker-dealer registration requirements under the Exchange Act.
- Asset Custody: Providers control the private keys for the staked assets, a core broker-dealer function.
- Reward Distribution: They calculate and disburse "dividend-like" payments to users.
- Marketing & Solicitation: Active promotion of the staking service constitutes solicitation of securities transactions.
The Centralization Catalyst: Too Big to Ignore
Major providers like Lido, Coinbase, Kraken, and Binance control dominant validator shares, creating systemic risk and a clear, high-value enforcement target for regulators.
- Lido's ~30% of Ethereum validators presents a network security risk the SEC can frame as a public concern.
- Concentrated Points of Failure: Enforcement against a few large entities is more efficient than policing thousands of solo stakers.
- Visible On-Chain Footprint: The public nature of blockchain makes these entities' dominance irrefutable evidence for regulators.
The Precedent: Kraken's $30M Settlement
The SEC's 2023 action against Kraken established the legal playbook. Kraken's service was shut down for US customers, creating a template for future enforcement.
- Admission of Fault: Kraken settled without admitting/denying guilt, but the order details the SEC's exact objections.
- Key Cited Features: The order highlighted programmatic staking, pooled assets, and promotion of returns.
- Remedial Blueprint: The settlement terms (cease-and-desist, disgorgement, penalty) map the path for actions against Coinbase, Binance, and others.
The Regulatory Arbitrage Illusion
Providers claiming non-US entity structures or vague disclaimers offer little protection. The SEC applies a "conduct and effects" test—if the service is offered to US persons, US law applies.
- IP & KYC Gaps: Geo-blocking is trivial to bypass; the SEC pursues entities it deems to have "minimum contacts" with the US.
- Global Precedent Risk: A US ruling influences regulators in the UK's FCA, EU's MiCA, and other jurisdictions, triggering a domino effect.
- Bank Secrecy Act (BSA) Exposure: Unregistered money transmission and AML violations provide additional enforcement hooks for the DOJ and FinCEN.
The Structural Alternative: Non-Custodial & DeFi Protocols
The regulatory attack is not on staking itself, but on the custodial, intermediating model. This creates a bull case for truly decentralized alternatives like Rocket Pool, Lido's future decentralized validator tech (DVT), and EigenLayer.
- User-Controlled Keys: Protocols where users retain validator key control (e.g., via SSV Network, Obol) may evade the "common enterprise" definition.
- Permissionless Node Operators: Decentralized operator sets reduce reliance on a single managerial entity.
- The Regulatory Hedge: The enforcement catalyst accelerates capital migration towards credibly neutral, protocol-native staking infrastructure.
The Steelman: Why This Time Is Different (And Why It's Not)
Staking-as-a-Service's evolution from simple delegation to active financial intermediation creates an unavoidable on-chain footprint that invites SEC classification as a broker-dealer.
The Howey Test is irrelevant. The SEC's primary attack vector is not the staked asset itself, but the service's economic reality. When a provider like Coinbase or Lido aggregates capital, executes trades (e.g., validator selection/rotation), and distributes yields, it performs the classic functions of a securities intermediary.
On-chain transparency is a liability. Unlike opaque TradFi brokers, every action by an SaaS operator like Figment or Chorus One is recorded on a public ledger. This creates an immutable, auditable trail of transaction-based activities that the SEC uses to establish broker status under Section 3(a)(4) of the Exchange Act.
The counter-argument fails. Proponents claim non-custodial models (e.g., Rocket Pool's node operator system) provide a shield. This is wrong. The legal entity coordinating the network, marketing the service, and collecting fees remains the central facilitator of securities transactions, regardless of technical decentralization.
Evidence: The Kraken Precedent. The SEC's 2023 settlement with Kraken explicitly cited its staking service's offering of "an investment contract in the form of a staking-as-a-service program." The complaint detailed its profit-sharing model and marketing as key factors, a blueprint now applicable to any SaaS with similar features.
FAQ: Builder and Investor Implications
Common questions about the regulatory and technical risks of Staking-as-a-Service (SaaS) for builders and investors.
Yes, most SaaS models likely constitute an investment contract under the Howey Test. The SEC argues users provide capital (ETH) to a common enterprise (the SaaS pool) expecting profits from the managerial efforts of the operator. This is why platforms like Lido Finance and Coinbase face intense scrutiny, as their staking rewards are derived from their operational work.
TL;DR: Strategic Takeaways for Builders and Investors
The SEC's enforcement actions against centralized staking services signal a clear regulatory vector. Ignoring this invites existential risk.
The SEC's Howey Test for Staking
The SEC views pooled staking services as investment contracts. The user provides an asset (ETH) to a common enterprise (the pool) with an expectation of profit (rewards) derived from the efforts of others (the operator's validation services). This is a textbook security.
- Key Risk: Enforcement actions like those against Kraken and Coinbase create a chilling effect.
- Mitigation: Decentralized, non-custodial models or pure software tooling are the only safe harbors.
The Broker-Dealer Trap for SaaS Platforms
Staking-as-a-Service providers that custody assets, aggregate users, and distribute rewards are functionally acting as broker-dealers. This triggers a host of registration, reporting, and compliance obligations under the Securities Exchange Act of 1934.
- Operational Burden: Requires FINRA membership, net capital rules, and extensive KYC/AML.
- Strategic Implication: This regulatory overhead destroys the capital efficiency and agility that made the model attractive, favoring large, incumbent financial institutions.
The Path Forward: Non-Custodial Infrastructure
The viable future is infrastructure that enables staking without intermediating the asset or the reward stream. Think SSV Network, Obol Network, or EigenLayer for restaking—they provide software, not a service contract.
- Builder Mandate: Architect as pure middleware. The user's keys never leave their client.
- Investor Lens: Back protocols that enable permissionless participation, not centralized gatekeepers. The regulatory moat is the code, not the license.