On 29 May 2025, Commissioner Caroline A. Crenshaw of the United States Securities and Exchange Commission (US SEC) issued a dissenting statement titled “Stake it Till You Make It?” criticising the contemporaneous statement issued by the US SEC Division of Corporation Finance titled “Statement on Certain Protocol Staking Activities” stating that certain protocol staking arrangements fall outside the scope of US federal securities laws. Crenshaw rebukes this staff position as legally flawed, inconsistent with SEC v. W.J. Howey Co. jurisprudence, and out of step with recent federal court decisions that upheld staking-as-a-service models as investment contracts. There is continuing legal uncertainty surrounding crypto staking models and Commissioner Caroline A. Crenshaw has called for substantive rulemaking over informal carve-outs. Crypto entities must treat this dissent as a judicially reinforced counterweight to staff guidance statement provided earlier. Business models that involve third-party infrastructure, pooled validation, or profit enhancement mechanisms require a full Howey analysis and should not be deemed exempt based on the US SEC Division’s statement.
Commissioner Crenshaw asserts that while the US SEC Division of Corporation Finance’s statement may reflect industry preference, it directly contradicts settled securities law. She points to multiple court rulings, including SEC v. Binance and SEC v. Coinbase, that validated the Commission’s enforcement theory on staking as an investment contract under Howey. She also references the quiet dismissal of these cases, warning that the court decisions themselves remain legally operative. US SEC Commissioner Crenshaw’s dissent reinforces that staking models may still fall within the securities definition even if an enforcement action is dropped. Dismissals for strategic or resource reasons do not invalidate legal reasoning upheld by courts. Crypto platforms offering staking services should initiate or update an internal legal opinion or ISO-compliant risk classification framework that integrates case law precedent and clearly delineates between passive returns and protocol-based participation.
The dissent refutes the US SEC Division of Corporation Finance’s assumption that protocol staking involves no entrepreneurial activity. Crenshaw argues that when entities build technical infrastructure, pool assets, and offer enhanced liquidity or loss protection, they are not merely executing protocol functions, they are creating managed investment schemes. She analogises this to the Gary Plastic case, where the packaging of traditional financial products into revenue-enhancing programs created investment contracts. ‘The use of automation, user-friendly interfaces, and scalable validator pools does not shield a service from Howey scrutiny if these enhancements drive profit expectancy through third-party efforts’. Crypto Entities operating validator infrastructure or offering staking-as-a-service should develop an internal control system compliant with ISO 37301 (Compliance Management Systems) and ISO 27036-4 (IT governance in cloud trust relationships) to document their role boundaries and mitigate misclassification risks.
Crenshaw challenges the US SEC Division of Corporation Finance’s portrayal of features like pooling, slashing coverage, and early unbonding as “ancillary.” She argues that these are precisely the kinds of risk and liquidity enhancements that courts have considered entrepreneurial efforts under Howey. She warns that mislabeling such services could lull users into false assumptions of protection. Convenience features that materially change reward delivery, user risk, or asset access may legally recharacterise staking as a managed financial product. Function, not framing, governs classification. Crypto businesses should maintain an ISO 31000-aligned enterprise risk register that documents how each staking service component interacts with securities law risk categories (e.g., profit inducement, investor expectation, control transfer).
Commissioner Crenshaw expresses concern that the Division’s vague exclusions—such as the undefined limits of staking discretion, create ambiguity for operators. Questions remain unanswered: Does re-staking of rewards trigger investment contract analysis? How are infrastructure-led staking strategies treated? Ambiguity in regulatory interpretation increases risk. When functions like automatic reward reinvestment or delegation-based validator selection occur, they must be documented, disclosed, and legally tested. Staking platforms should initiate a risk impact assessment under ISO/IEC 27005 that addresses all discretionary and automated functions in staking workflows. Compliance reviews should accompany product iterations.
Crenshaw criticises the US SEC Division of Corporation Finance’s use of terms like “custodian” and “ownership” in staking contexts, arguing these terms carry false regulatory connotations. In securities markets, custodians are subject to statutory controls that do not exist for staking services. Use of this language, she argues, invites users to assume protections that are not legally guaranteed. Misuse of regulated terminology such as “custody,” “ownership,” or “safekeeping” can mislead users and potentially trigger consumer protection violations. Language must match legal architecture. Crypto firms should audit all customer-facing documents using ISO 22458 (Consumer Vulnerability) standards and issue a lexicon of approved terms that reflect the true legal status of staking and custody.
The dissent further notes that many staking platforms use user agreements to imply security or segregation of assets during staking. However, these assurances often lack legal force in bankruptcy or fraud situations. Without regulatory protection, the disposition of customer assets remains uncertain. Reliance on private contractual language is not equivalent to legal protection. Asset segregation, recovery rights, and insolvency outcomes must be grounded in law, not suggested in disclaimers. Platforms should conduct a contract audit under ISO/IEC 27001 Annex A.18.1.4 (Privacy and Data Protection Agreements) to ensure all language related to asset handling, loss indemnity, and insolvency aligns with enforceable law and bankruptcy jurisprudence.
Commissioner Crenshaw closes by warning that informal statements from the US SEC Division of Corporation Finance do not provide market certainty or investor protection. Instead, they obscure legal risks, potentially create false security among participants, and fail the public mission of the US SEC. She calls for formal rulemaking, clear enforcement guidance, and an accurate portrayal of how staking programs function in reality. Informal guidance is not a replacement for regulation. Until the US SEC adopts formal rules on staking, firms must navigate a fractured legal terrain with both internal prudence and external legal defensibility. Entities engaged in any form of staking should adopt an enterprise-wide staking compliance framework anchored in ISO 37301, with continuous legal monitoring of judicial trends and US SEC-level actions. Internal audit functions should routinely test whether staking operations, communications, and risk disclosures remain compliant with both staff guidance and judicial precedent.
(Source: https://www.sec.gov/newsroom/speeches-statements/crenshaw-statement-protocol-staking-052925)
