CFTC No-Action Letter for Self-Custodial Crypto Wallet Reflects Shift in Regulatory Approach
On March 17, 2026, the Division of Enforcement of the Commodity Futures Trading Commission (CFTC) issued a no-action letter (Letter) to Phantom Technologies Inc., a developer of self-custodial crypto asset wallet software, confirming that if Phantom adhered to certain conditions the Division would not recommend enforcement action for failure to register as an introducing broker.[1] The Letter represents a trend at the CFTC to shift toward a more lenient regulatory approach to certain service providers, especially in the crypto space.
The Letter concerns registration requirements for non-custodial crypto wallet software that facilitates access to new derivative products, such as event contracts and perpetual futures. Importantly, Phantom’s software would connect users to registered designated contract markets (DCMs), futures commissions merchants, (FCMs) or introducing brokers (IBs) (“collaborators,” collectively) that offer these products. The Letter addresses the question of whether Phantom must also register as an IB, by virtue of its role in facilitating trades between users and collaborators. The CFTC’s answer was, “no”—for now.
The CFTC is working on formal guidance and rules for the crypto industry. In the interim, the Letter informs Phantom that the CFTC will not recommend immediate enforcement action for Phantom’s failure to register, so long as Phantom voluntarily adheres to the core obligations of registered entities, and so long as the duly registered participants to which Phantom connects its users agree to be jointly and severally liable for violating CFTC regulations. So long as Phantom adheres to these requirements, the CFTC seems willing to allow Phantom to operate without registration, at least until formal guidance is issued.[2]
This approach marks a shift from the approach under the prior administration, which demanded that crypto entities register and employed enforcement actions for the failure to do so.
Background
Phantom offers self-custodial crypto wallet software as a mobile application or web interface. Phantom does not provide custody services for crypto assets. Rather, it acts more like a password manager for users to custody their own assets. Phantom also provides a user interface for customers to transmit transaction instructions to crypto asset trading protocols and other decentralized applications. Phantom now proposes to connect its users to one or more “collaborator” DCMs, FCMs, or IBs, providing a user interface through which users could place trades with registered participants in exchange for a fee. In requesting no-action from the CFTC, Phantom sought flexibility to directly connect users with one or multiple collaborators, and to either share in the collaborator’s fees or charge a transaction fee directly to its users.
Under the Commodity Exchange Act (CEA), an introducing broker (IB) is any person who, “for compensation or profit, is engaged in soliciting or accepting orders for the purchase or sale of, among other financial products, any commodity for future delivery. ”[3] IBs must register with the CFTC—in practice, with the National Futures Association (NFA)—as must any associated persons authorized to act on an IB’s behalf.[4] Historically, the CFTC has read “soliciting or accepting orders” broadly, capturing the kind of indirect facilitation that digital asset wallet software typically provides.[5]
In the early 2000s, the Division carved out a narrow safe harbor through interpretive letters issued to select Technology Service Vendors (TSVs), insulating sufficiently passive platforms from IB registration requirements.[6] There were several limitations on the relief provided to TSVs, however, including that the user had to have a pre-existing relationship with the registered market participant; and the TSV could not generate buy/sell signals, exercise discretion in routing or executing transactions, or charge transaction-based fees.
The Phantom letter draws on the CFTC’s TSV precedent, but recognizes that Phantom’s proposal extends beyond prior interpretations by, among other things, proposing to introduce users to one or more collaborators rather than passively facilitating a preexisting relationship, and proposing to collect fees from either side of the transaction.
To support its no-action determination, the CFTC focused on certain things that Phantom software would not be permitted to do, including:
-
- Taking custody of user assets;
- Generating buy or sell signals;
- Exercising discretion over the routing or execution of individual transactions.
The Letter does not conclude that Phantom’s proposed activities fall outside the CFTC’s regulatory purview. Instead, the Letter offers a bargain: CFTC will not pursue an enforcement action for failure to register with the CFTC so long as Phantom acknowledges the CFTC’s jurisdiction and conducts itself, in several core respects, as if it were registered.
The Bargain: Act As If Registered Without Registering
In exchange for relief from possible enforcement action for failure to register as an IB, the no-action letter imposes ten conditions on Phantom.[7] The key obligations are:
-
- Disclosures: Adopt policies and procedures covering disclosures—including fee disclosures—compliant with the CEA, CFTC regulations, and NFA rules.
- Customer acknowledgment: Obtain a record of customer agreement to those disclosures.
- Marketing restrictions: Comply with marketing and advertising limitations, generally confined to materials that don’t require pre-approval.
- Accept jurisdiction: Consent to CFTC jurisdiction and liability.
- Joint and several liability: Agree in writing with each collaborator to joint and several liability for violations of the CEA or CFTC regulations—ensuring there is always a registered entity on the hook.
Together, these measures provide a mechanism for compliance with the core requirements of a registered IB despite not being registered, with the view that these obligations by Phantom retain the substantive protections of the CEA.
Notably, if Phantom is able to comply with those substantive protections, the Letter affords Phantom substantial flexibility in how it structures its software and its relationships with market participants, including the ability to:
-
- Offer services as a standalone application or as an embedded feature in an existing product
- Pass users directly to a DCM, or indirectly through a FCM or IB
- Collect fees from either side, either directly from its users or by sharing in fees charged by the DCM/FCM/IB collaborator
Key Takeaways
Strictly speaking, the no-action letter applies only to Phantom, but it sends a signal to the market more broadly. The CFTC has jurisdiction over new derivative markets and expects adherence to core protections such as adequate disclosures. But it is no longer looking to implement an “early and often” approach to enforcement while formal rules are drafted and promulgated.
If it is unclear how the CEA’s requirements apply to a new business, it is worth engaging with counsel to explore whether it makes sense to approach the CFTC Staff with a plan for how novel business models can comply with the core requirements of registered entities while still remaining responsive to today’s market.
This article is available in the Jenner & Block Japan Newsletter. / この記事はJenner & Blockニュースレターに掲載されています。
Background
Phantom offers self-custodial crypto wallet software as a mobile application or web interface. Phantom does not provide custody services for crypto assets. Rather, it acts more like a password manager for users to custody their own assets. Phantom also provides a user interface for customers to transmit transaction instructions to crypto asset trading protocols and other decentralized applications. Phantom now proposes to connect its users to one or more “collaborator” DCMs, FCMs, or IBs, providing a user interface through which users could place trades with registered participants in exchange for a fee. In requesting no-action from the CFTC, Phantom sought flexibility to directly connect users with one or multiple collaborators, and to either share in the collaborator’s fees or charge a transaction fee directly to its users.
Under the Commodity Exchange Act (CEA), an introducing broker (IB) is any person who, “for compensation or profit, is engaged in soliciting or accepting orders for the purchase or sale of, among other financial products, any commodity for future delivery. ”[3] IBs must register with the CFTC—in practice, with the National Futures Association (NFA)—as must any associated persons authorized to act on an IB’s behalf.[4] Historically, the CFTC has read “soliciting or accepting orders” broadly, capturing the kind of indirect facilitation that digital asset wallet software typically provides.[5]
In the early 2000s, the Division carved out a narrow safe harbor through interpretive letters issued to select Technology Service Vendors (TSVs), insulating sufficiently passive platforms from IB registration requirements.[6] There were several limitations on the relief provided to TSVs, however, including that the user had to have a pre-existing relationship with the registered market participant; and the TSV could not generate buy/sell signals, exercise discretion in routing or executing transactions, or charge transaction-based fees.
The Phantom letter draws on the CFTC’s TSV precedent, but recognizes that Phantom’s proposal extends beyond prior interpretations by, among other things, proposing to introduce users to one or more collaborators rather than passively facilitating a preexisting relationship, and proposing to collect fees from either side of the transaction.
To support its no-action determination, the CFTC focused on certain things that Phantom software would not be permitted to do, including:
-
- Taking custody of user assets;
- Generating buy or sell signals;
- Exercising discretion over the routing or execution of individual transactions.
The Letter does not conclude that Phantom’s proposed activities fall outside the CFTC’s regulatory purview. Instead, the Letter offers a bargain: CFTC will not pursue an enforcement action for failure to register with the CFTC so long as Phantom acknowledges the CFTC’s jurisdiction and conducts itself, in several core respects, as if it were registered.
The Bargain: Act As If Registered Without Registering
In exchange for relief from possible enforcement action for failure to register as an IB, the no-action letter imposes ten conditions on Phantom.[7] The key obligations are:
-
- Disclosures: Adopt policies and procedures covering disclosures—including fee disclosures—compliant with the CEA, CFTC regulations, and NFA rules.
- Customer acknowledgment: Obtain a record of customer agreement to those disclosures.
- Marketing restrictions: Comply with marketing and advertising limitations, generally confined to materials that don’t require pre-approval.
- Accept jurisdiction: Consent to CFTC jurisdiction and liability.
- Joint and several liability: Agree in writing with each collaborator to joint and several liability for violations of the CEA or CFTC regulations—ensuring there is always a registered entity on the hook.
Together, these measures provide a mechanism for compliance with the core requirements of a registered IB despite not being registered, with the view that these obligations by Phantom retain the substantive protections of the CEA.
Notably, if Phantom is able to comply with those substantive protections, the Letter affords Phantom substantial flexibility in how it structures its software and its relationships with market participants, including the ability to:
-
- Offer services as a standalone application or as an embedded feature in an existing product
- Pass users directly to a DCM, or indirectly through a FCM or IB
- Collect fees from either side, either directly from its users or by sharing in fees charged by the DCM/FCM/IB collaborator
Key Takeaways
Strictly speaking, the no-action letter applies only to Phantom, but it sends a signal to the market more broadly. The CFTC has jurisdiction over new derivative markets and expects adherence to core protections such as adequate disclosures. But it is no longer looking to implement an “early and often” approach to enforcement while formal rules are drafted and promulgated.
If it is unclear how the CEA’s requirements apply to a new business, it is worth engaging with counsel to explore whether it makes sense to approach the CFTC Staff with a plan for how novel business models can comply with the core requirements of registered entities while still remaining responsive to today’s market.
This article is available in the Jenner & Block Japan Newsletter. / この記事はJenner & Blockニュースレターに掲載されています。
[1] CFTC No-Action Letter, No. 26-09 (Mar. 17, 2026), available at https://www.cftc.gov/csl/26-09/download.
[2] Id. at 1, 5.
[3] Id. at 2 & n.6 (citing 7 U.S.C. § 1a(31)).
[4] See id. at 2.
[5] See id. at 2 n.8.
[6] Id. at 2 & n.9.
[7] Id. at 5-6.
Footnotes
[1] CFTC No-Action Letter, No. 26-09 (Mar. 17, 2026), available at https://www.cftc.gov/csl/26-09/download.
[2] Id. at 1, 5.
[3] Id. at 2 & n.6 (citing 7 U.S.C. § 1a(31)).
[4] See id. at 2.
[5] See id. at 2 n.8.
[6] Id. at 2 & n.9.
[7] Id. at 5-6.
Related Attorneys
Related Articles
© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.
On March 17, 2026, the Division of Enforcement of the Commodity Futures Trading Commission (CFTC) issued a no-action letter (Letter) to Phantom Technologies Inc., a developer of self-custodial crypto asset wallet software, confirming that if Phantom adhered to certain conditions the Division would not recommend enforcement action for failure to register as an introducing broker.[1] The Letter represents a trend at the CFTC to shift toward a more lenient regulatory approach to certain service providers, especially in the crypto space.
The Letter concerns registration requirements for non-custodial crypto wallet software that facilitates access to new derivative products, such as event contracts and perpetual futures. Importantly, Phantom’s software would connect users to registered designated contract markets (DCMs), futures commissions merchants, (FCMs) or introducing brokers (IBs) (“collaborators,” collectively) that offer these products. The Letter addresses the question of whether Phantom must also register as an IB, by virtue of its role in facilitating trades between users and collaborators. The CFTC’s answer was, “no”—for now.
The CFTC is working on formal guidance and rules for the crypto industry. In the interim, the Letter informs Phantom that the CFTC will not recommend immediate enforcement action for Phantom’s failure to register, so long as Phantom voluntarily adheres to the core obligations of registered entities, and so long as the duly registered participants to which Phantom connects its users agree to be jointly and severally liable for violating CFTC regulations. So long as Phantom adheres to these requirements, the CFTC seems willing to allow Phantom to operate without registration, at least until formal guidance is issued.[2]
This approach marks a shift from the approach under the prior administration, which demanded that crypto entities register and employed enforcement actions for the failure to do so.
Background
Phantom offers self-custodial crypto wallet software as a mobile application or web interface. Phantom does not provide custody services for crypto assets. Rather, it acts more like a password manager for users to custody their own assets. Phantom also provides a user interface for customers to transmit transaction instructions to crypto asset trading protocols and other decentralized applications. Phantom now proposes to connect its users to one or more “collaborator” DCMs, FCMs, or IBs, providing a user interface through which users could place trades with registered participants in exchange for a fee. In requesting no-action from the CFTC, Phantom sought flexibility to directly connect users with one or multiple collaborators, and to either share in the collaborator’s fees or charge a transaction fee directly to its users.
Under the Commodity Exchange Act (CEA), an introducing broker (IB) is any person who, “for compensation or profit, is engaged in soliciting or accepting orders for the purchase or sale of, among other financial products, any commodity for future delivery. ”[3] IBs must register with the CFTC—in practice, with the National Futures Association (NFA)—as must any associated persons authorized to act on an IB’s behalf.[4] Historically, the CFTC has read “soliciting or accepting orders” broadly, capturing the kind of indirect facilitation that digital asset wallet software typically provides.[5]
In the early 2000s, the Division carved out a narrow safe harbor through interpretive letters issued to select Technology Service Vendors (TSVs), insulating sufficiently passive platforms from IB registration requirements.[6] There were several limitations on the relief provided to TSVs, however, including that the user had to have a pre-existing relationship with the registered market participant; and the TSV could not generate buy/sell signals, exercise discretion in routing or executing transactions, or charge transaction-based fees.
The Phantom letter draws on the CFTC’s TSV precedent, but recognizes that Phantom’s proposal extends beyond prior interpretations by, among other things, proposing to introduce users to one or more collaborators rather than passively facilitating a preexisting relationship, and proposing to collect fees from either side of the transaction.
To support its no-action determination, the CFTC focused on certain things that Phantom software would not be permitted to do, including:
-
- Taking custody of user assets;
- Generating buy or sell signals;
- Exercising discretion over the routing or execution of individual transactions.
The Letter does not conclude that Phantom’s proposed activities fall outside the CFTC’s regulatory purview. Instead, the Letter offers a bargain: CFTC will not pursue an enforcement action for failure to register with the CFTC so long as Phantom acknowledges the CFTC’s jurisdiction and conducts itself, in several core respects, as if it were registered.
The Bargain: Act As If Registered Without Registering
In exchange for relief from possible enforcement action for failure to register as an IB, the no-action letter imposes ten conditions on Phantom.[7] The key obligations are:
-
- Disclosures: Adopt policies and procedures covering disclosures—including fee disclosures—compliant with the CEA, CFTC regulations, and NFA rules.
- Customer acknowledgment: Obtain a record of customer agreement to those disclosures.
- Marketing restrictions: Comply with marketing and advertising limitations, generally confined to materials that don’t require pre-approval.
- Accept jurisdiction: Consent to CFTC jurisdiction and liability.
- Joint and several liability: Agree in writing with each collaborator to joint and several liability for violations of the CEA or CFTC regulations—ensuring there is always a registered entity on the hook.
Together, these measures provide a mechanism for compliance with the core requirements of a registered IB despite not being registered, with the view that these obligations by Phantom retain the substantive protections of the CEA.
Notably, if Phantom is able to comply with those substantive protections, the Letter affords Phantom substantial flexibility in how it structures its software and its relationships with market participants, including the ability to:
-
- Offer services as a standalone application or as an embedded feature in an existing product
- Pass users directly to a DCM, or indirectly through a FCM or IB
- Collect fees from either side, either directly from its users or by sharing in fees charged by the DCM/FCM/IB collaborator
Key Takeaways
Strictly speaking, the no-action letter applies only to Phantom, but it sends a signal to the market more broadly. The CFTC has jurisdiction over new derivative markets and expects adherence to core protections such as adequate disclosures. But it is no longer looking to implement an “early and often” approach to enforcement while formal rules are drafted and promulgated.
If it is unclear how the CEA’s requirements apply to a new business, it is worth engaging with counsel to explore whether it makes sense to approach the CFTC Staff with a plan for how novel business models can comply with the core requirements of registered entities while still remaining responsive to today’s market.
This article is available in the Jenner & Block Japan Newsletter. / この記事はJenner & Blockニュースレターに掲載されています。
Background
Phantom offers self-custodial crypto wallet software as a mobile application or web interface. Phantom does not provide custody services for crypto assets. Rather, it acts more like a password manager for users to custody their own assets. Phantom also provides a user interface for customers to transmit transaction instructions to crypto asset trading protocols and other decentralized applications. Phantom now proposes to connect its users to one or more “collaborator” DCMs, FCMs, or IBs, providing a user interface through which users could place trades with registered participants in exchange for a fee. In requesting no-action from the CFTC, Phantom sought flexibility to directly connect users with one or multiple collaborators, and to either share in the collaborator’s fees or charge a transaction fee directly to its users.
Under the Commodity Exchange Act (CEA), an introducing broker (IB) is any person who, “for compensation or profit, is engaged in soliciting or accepting orders for the purchase or sale of, among other financial products, any commodity for future delivery. ”[3] IBs must register with the CFTC—in practice, with the National Futures Association (NFA)—as must any associated persons authorized to act on an IB’s behalf.[4] Historically, the CFTC has read “soliciting or accepting orders” broadly, capturing the kind of indirect facilitation that digital asset wallet software typically provides.[5]
In the early 2000s, the Division carved out a narrow safe harbor through interpretive letters issued to select Technology Service Vendors (TSVs), insulating sufficiently passive platforms from IB registration requirements.[6] There were several limitations on the relief provided to TSVs, however, including that the user had to have a pre-existing relationship with the registered market participant; and the TSV could not generate buy/sell signals, exercise discretion in routing or executing transactions, or charge transaction-based fees.
The Phantom letter draws on the CFTC’s TSV precedent, but recognizes that Phantom’s proposal extends beyond prior interpretations by, among other things, proposing to introduce users to one or more collaborators rather than passively facilitating a preexisting relationship, and proposing to collect fees from either side of the transaction.
To support its no-action determination, the CFTC focused on certain things that Phantom software would not be permitted to do, including:
-
- Taking custody of user assets;
- Generating buy or sell signals;
- Exercising discretion over the routing or execution of individual transactions.
The Letter does not conclude that Phantom’s proposed activities fall outside the CFTC’s regulatory purview. Instead, the Letter offers a bargain: CFTC will not pursue an enforcement action for failure to register with the CFTC so long as Phantom acknowledges the CFTC’s jurisdiction and conducts itself, in several core respects, as if it were registered.
The Bargain: Act As If Registered Without Registering
In exchange for relief from possible enforcement action for failure to register as an IB, the no-action letter imposes ten conditions on Phantom.[7] The key obligations are:
-
- Disclosures: Adopt policies and procedures covering disclosures—including fee disclosures—compliant with the CEA, CFTC regulations, and NFA rules.
- Customer acknowledgment: Obtain a record of customer agreement to those disclosures.
- Marketing restrictions: Comply with marketing and advertising limitations, generally confined to materials that don’t require pre-approval.
- Accept jurisdiction: Consent to CFTC jurisdiction and liability.
- Joint and several liability: Agree in writing with each collaborator to joint and several liability for violations of the CEA or CFTC regulations—ensuring there is always a registered entity on the hook.
Together, these measures provide a mechanism for compliance with the core requirements of a registered IB despite not being registered, with the view that these obligations by Phantom retain the substantive protections of the CEA.
Notably, if Phantom is able to comply with those substantive protections, the Letter affords Phantom substantial flexibility in how it structures its software and its relationships with market participants, including the ability to:
-
- Offer services as a standalone application or as an embedded feature in an existing product
- Pass users directly to a DCM, or indirectly through a FCM or IB
- Collect fees from either side, either directly from its users or by sharing in fees charged by the DCM/FCM/IB collaborator
Key Takeaways
Strictly speaking, the no-action letter applies only to Phantom, but it sends a signal to the market more broadly. The CFTC has jurisdiction over new derivative markets and expects adherence to core protections such as adequate disclosures. But it is no longer looking to implement an “early and often” approach to enforcement while formal rules are drafted and promulgated.
If it is unclear how the CEA’s requirements apply to a new business, it is worth engaging with counsel to explore whether it makes sense to approach the CFTC Staff with a plan for how novel business models can comply with the core requirements of registered entities while still remaining responsive to today’s market.
This article is available in the Jenner & Block Japan Newsletter. / この記事はJenner & Blockニュースレターに掲載されています。
[1] CFTC No-Action Letter, No. 26-09 (Mar. 17, 2026), available at https://www.cftc.gov/csl/26-09/download.
[2] Id. at 1, 5.
[3] Id. at 2 & n.6 (citing 7 U.S.C. § 1a(31)).
[4] See id. at 2.
[5] See id. at 2 n.8.
[6] Id. at 2 & n.9.
[7] Id. at 5-6.
Footnotes
[1] CFTC No-Action Letter, No. 26-09 (Mar. 17, 2026), available at https://www.cftc.gov/csl/26-09/download.
[2] Id. at 1, 5.
[3] Id. at 2 & n.6 (citing 7 U.S.C. § 1a(31)).
[4] See id. at 2.
[5] See id. at 2 n.8.
[6] Id. at 2 & n.9.
[7] Id. at 5-6.
Related Attorneys
Related Articles
© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.
News and Insights
Publications
In New York Law Journal, The True Lender Doctrine and the OppFi Decision
Partners Jeremy Creelan, Michael Ross, Megan Poetzel, and Laurel Loomis Rimon, and Associate Molly Oberstein-Allen authored an article for the New York Law Journal examining the "True Lender" doctrine in light of a May 2026 California decision that provides the most detailed judicial framework to date for evaluating bank-nonbank lending partnerships.
July 1, 2026
Event
Partner Michael Vernick to Speak at NACUA's 2026 Annual Conference
On July 1, Partner Michael Vernick will speak on a panel at the National Association of College and University Attorneys (NACUA) 2026 Annual Conference in Nashville.
July 1, 2026
Publications
In Employee Relations Law Journal: What Happens When ERISA Disability Deadlines Slip
Partner Joseph Torres along with Associates Emma O'Connor and Christopher LeWarne, authored an article for the Employee Relations Law Journal analyzing a significant Fourth Circuit decision with substantial consequences for ERISA disability plan administrators.
June 23, 2026