The three underlying logics behind the CLARITY replacement amendment: What grand strategy is the US crypto regulator playing?

Author: Spinach

On the morning of May 14, 2026, the Senate Banking Committee was marking up a 309-page document—the Senate alternative amendment to the Clarity Act. This was the most crucial step taken by the bill in ten months since it passed the House of Representatives by a vote of 294 to 134 last July.

But if you strip away all the legal veneer, this text is really only doing one thing:

- Recognize that crypto assets meet the definition of "securities," and then create a separate set of rules for them that are not governed by securities laws.

This sounds like a paradox. But it is precisely the essence of this bill— not to overturn Howey, not to rewrite the securities law, not to abolish bank deposit protection, but to carve out new categories alongside these existing rules.

The entire text is a repetition of this "hole-punching" technique three times.

Strictly speaking, this isn't "that" CLARITY bill either. The one passed by the House of Representatives last July didn't include the category of "ancillary assets," didn't have a stablecoin interest rate ban, and didn't wrest as much jurisdiction from the SEC to the CFTC.

This Senate alternative is the result of Tim Scott and Cynthia Lummis substantially rewriting it over the past ten months.

To help you understand the new CLARITY alternative, we've outlined the three underlying principles behind it.

Understanding these three points will give you a comprehensive understanding of the entire chessboard for US crypto regulation over the next two years.

First, instead of overthrowing Howey, dig a hole next to it.

The biggest problem for US crypto regulation over the past decade has been the Howey test of 1946—"a reasonable expectation of gain through the efforts of others." This test is an indisputable cornerstone of case law, but it also happens to frame almost all tokens as securities.

The SEC's lawsuits against Ripple, Coinbase, and Binance all stem from this.

The CLARITY alternative didn't oust Howey. It did something else:

- Create a completely new legal category called ancillary asset.

In simple terms: a token whose value depends on the "entrepreneurial or managerial efforts" of the issuer or core team is an ancillary asset.

Note this definition—it acknowledges the existence of the kind of "relationship dependent on the efforts of others" that Howey described.

Admittedly! Then, the bill establishes a separate rule specifically for this kind of thing:

The issuance itself is legally recognized as "involving securities," but once a token is issued, it is no longer a security. It is an ancillary asset, governed by disclosure rules rather than registration rules.

This is like a legal parent saying, "I acknowledge that you gave birth to this child, but from the very first second of his life, he is no longer under your jurisdiction."

Isn't it a bit absurd? Yes. But this is the standard practice in American legislation to solve the "want it all" dilemma: instead of overturning the cornerstone of case law (which is impossible and unnecessary), they use a new category of codified law to circumvent it.

So, the common saying that CLARITY makes tokens "no longer securities" is a lazy summary. The accurate statement is: CLARITY created an intermediate layer with a "disclosure obligation density lower than securities but higher than commodities," specifically designed to house things that are neither like stocks nor like corn.

The downstream impact of this logic is structural. The legal path for projects to distribute tokens within the United States will become clearer, eliminating the need to go through the hassle of SAFT, Reg D, and Reg S.

More importantly— the United States is finally going to give tokens a legal status.

It's no longer a Schrödinger's cat situation where "if the SEC sues you today, it's a securities firm; if you settle tomorrow, it's not."

An interesting detail is included: the bill contains a very carefully worded clause—a token will not be considered an ancillary asset if it is already the principal asset of an ETF listed on a U.S. national stock exchange on January 1, 2026.

Please allow me to pause for a moment. The BTC and ETH spot ETFs were approved in January and July 2024, respectively, and were already operating steadily by early 2026.

This clause is equivalent to "recognizing" at the legislative level that you two are not only not securities, but you don't even fall into the sub-category of ancillary assets.

The cleanest legal standing. No names mentioned, but the answer is spot on. A quintessentially American solution.

II. The Compliance Watershed in DeFi: Code is Code, Operators are Operators

This is the most damaging line of logic in the entire bill to practitioners—and also the most often misunderstood. On the surface, it distinguishes between "real DeFi" and "fake DeFi," but the real distinction lies with another group— the protocol itself and the people operating it.

- Code, nodes, wallets, and pure algorithmic logic belong to the former and are not subject to securities laws;

- Those who control, modify, or review agreements fall under the latter category and are subject to its jurisdiction.

This sounds simple, but it didn't exist in the past decade.

The SEC's argument in the Coinbase, Binance, and Uniswap cases has always been that "the protocol is the product, and the product is an extension of the issuer" —this logic makes no distinction between "protocol" and "operator".

The CLARITY alternative version drew this line at the legislative level for the first time.

How exactly do you draw it? In two directions.

The first direction is towards "fake DeFi"—drawing a warning line for operators.

The bill provides a textbook definition of DeFi protocols: participants execute financial transactions based on pre-set, non-discretionary algorithms, and no one other than the user holds or controls the assets.

Then it defines what constitutes "fake DeFi"—anyone that meets any of the following criteria is considered "fake DeFi":

- There exists an individual or group that can control or significantly alter the protocol's functionality, operation, or consensus rules;

- The protocol does not operate solely based on pre-defined, transparent rules in the source code;

- There may be individuals or groups who can censor, restrict, or prohibit the use of the protocol through protocol operations.

Once you are identified as a "fake DeFi" and your activities fall under the category of securities, you will be required to register, disclose, and be regulated under the 1934 Act, and will be subject to anti-money laundering obligations.

Ask yourself honestly: Is the admin key in the multi-signature database for your so-called DEX with DAO governance? Are most of the multi-signature members from the core team? Can protocol parameter upgrades be approved simply by core team proposals and votes? Is the front-end managed by the core team?

If the answer to any of the above questions is "yes", then according to the standards of this bill, you are most likely a "fake DeFi" user.

The bill includes a very clever safe harbor—the Emergency Safety Committee exception.

You can retain an emergency pause mechanism to protect users from hacking attacks, provided that this power is pre-disclosed, rule-based, used only for specific cybersecurity incidents, its scope and duration are strictly limited, and no single individual has unilateral control over it.

However, you cannot use this pause to upgrade the protocol, change economic parameters, or make governance decisions. This clause is exceptionally well-designed, almost tailor-made for protocols like Compound, Aave, and Uniswap that have security council arrangements.

The second direction is toward "the protocol itself"—drawing a protective circle around the code.

The bill exempts developers from several of the most stressful issues of the past few years in one fell swoop:

- Compile, relay, and verify network transactions; operate nodes or oracles;

- Develop a distributed ledger system;

- Develop wallet software to allow users to safeguard their private keys.

These actions alone do not constitute grounds for securities law jurisdiction. Those who have witnessed the Tornado Cash controversy in 2018, the code sanctions in 2022, and the lawsuit against the developers of Samourai Wallet in 2023 should be able to appreciate the weight of this clause.

It takes the proposition that "writing code is a form of freedom of speech," which has long been advocated by the legal community but not acknowledged by DOJ, and directly enshrines it as a legal provision.

But note the details: the bill retains the SEC's anti-fraud and anti-manipulation enforcement powers. In other words—writing code is no longer a crime, but using code to deceive people is.

These two directions combined constitute the complete second line of logic:

- The agreement itself is protected by law, but those who operate the agreement are regulated according to their actual degree of control.

- Truly decentralized protocols have gained decent legal status, but "semi-DeFi" will be co-opted.

Many DEXs, lending protocols, and derivatives platforms that claim to be decentralized but still have the admin key in the hands of the team will have to make a painful choice in the next two years—either truly decentralize power or register as a broker-dealer or exchange.

The gray area in the middle has the highest capital and compliance costs.

Third, stablecoins cannot function like banks, but DeFi can—a carefully maintained narrow boundary.

If the entire bill has one most dramatic chapter, it's the ban on interest rates on stablecoins.

In short: digital asset service providers are prohibited from paying stablecoin interest or returns to U.S. users.

But—the devil is on the list of "permitted rewards".

Permissible returns that do not constitute "functional bank interest equivalents" include:

- Rebate incentives related to transaction payment and settlement;

- Returns obtained from market-making liquidity, collateral, or otherwise placing assets in credit or investment risk;

- Participate in governance, validation, staking, loyalty programs, etc.

Moreover—these returns can be calculated based on balance, duration, and tenure.

When I read the phrase "putting assets at credit or investment risk," I laughed out loud.

What is this? This is a compliance channel tailored for the entire DeFi lending market.

“Depositing USDC into protocols like Morpho, Aave, and Compound to earn returns is not subject to the ban, as long as the returns come from the credit or investment risk exposure of the asset rather than the balance interest of the stablecoin itself.”

The banking industry certainly saw through this. On May 9, the three major U.S. banking associations (ICBA, BPI, and ABA) jointly issued a letter rejecting the compromise, specifically calling it a "loophole."

On Mother's Day, May 11, Rob Nichols, CEO of the American Bankers Association, sent a letter to all bank CEOs across the United States, urging them to "take immediate action" to lobby senators.

Their core argument is straightforward: about 80% of US bank loans come from customer deposits; if stablecoins can give users a reason to keep their money in USDC wallets instead of checking accounts through "activity-based rewards," then banks will lose a cheap source of funding.

Tillis's response translates to: "Loophole it is, I agree to disagree."

The logic behind this game is the most worthwhile part to understand.

Washington is taking a gamble—leaving a narrow, legally carefully maintained boundary between stablecoins and bank deposits: stablecoins cannot pay interest directly like banks (protecting the deposit base), but they can serve as an entry point to DeFi yields (allowing for market-based pricing in the capital markets) .

It pretends to protect banks, but in reality, it opens up a more flexible product space for the crypto industry than banks do.

The most important meaning of this clause is that the law draws a line between "deposits" and "credit risk exposure," and this line happens to be drawn on the boundary of DeFi lending protocols.

The legitimacy of the USDC lending market has been further confirmed—not because stablecoin pays interest, but because users put stablecoin into a "asset at credit or investment risk" vehicle.

Downstream implications of this logic: While compliant issuers like Circle and Paxos cannot directly pay interest, users can deposit stablecoins into DeFi protocols, on-chain lending markets, and tokenized money market funds—vessels with "credit risk exposure"—to earn returns.

The legal foundation for RWA's lending market and on-chain credit market has been further solidified.

Behind these three lines of reasoning lies the same legislative philosophy.

If we examine these three underlying principles together, we can discover a hidden common structure—each of them is about "the law not overthrowing X, but rather carving a new path next to X":

The first rule is not to overthrow Howey, but to excavate ancillary assets.

Article 2: Without overturning the regulation of securities intermediaries, a distinction will be made between "agreements vs. operators".

Article 3: Without overturning the protection of bank deposits, a channel for "credit risk exposure" is created.

These three points together encapsulate the spirit of this bill: it does not overturn existing rules, but rather carves out new categories within the cracks of existing rules.

While the cornerstones of case law remain unchanged, securities laws are not repealed, and bank deposit protection is not abolished, crypto assets, DeFi protocols, stablecoin activities, and on-chain lending yields have all been specifically and separately incorporated into the law using a new set of logic.

This is a very American legislative philosophy— it hates revolution, but excels at patching up old frameworks with new ones, and once enough patches are applied, the world is different.

We must also consider the costs.

At this point, portraying this bill as overly virtuous would seem dishonest. Each of the three lines of reasoning has its counter-argument, and professionals should be aware of this:

The consequence of the first rule is that the final form of the disclosure obligation for ancillary assets is entirely determined by the SEC through rulemaking.

If the disclosure forms are too cumbersome—for example, requiring project teams to update their token economic models quarterly, disclose in detail the unlocking and changes of all holders of more than 4% of the tokens, and provide continuous "startup progress" reports—then this set of disclosure obligations will approach the actual cost of a full securities registration.

The law has given you a new channel, but how wide that channel is depends on how the regulatory agencies interpret it.

The second point comes at the cost of rigorous testing for "true DeFi," but the SEC has the power to enforce it.

The boundaries of terms such as "controlling or significantly altering the functionality of an agreement" and "reviewing, restricting, or prohibiting the use of an agreement" need to be defined by the SEC through cases and rules.

If the next SEC chairman is not friendly to DeFi, he can interpret these standards very narrowly.

The legislation has provided a safe harbor, but who will draw the boundaries of that safe harbor remains an open question.

The cost of the third point is the most straightforward—with such a wide "credit risk exposure" channel, will it give rise to a new round of Celsius/BlockFi-style gray-yield products?

The line between legally permissible "activity-based rewards" and actual "interest" is clear in the text, but easily blurred in product design. Regulators will inevitably face a number of products that skirt the line in the future—products that appear to "place assets at credit or investment risk," but whose user experience is no different from that of time deposits.

This game has only just begun.

The real battleground in the next phase will not be in Congress, but in regulatory agencies.

The phrase "the Commission shall adopt rules…not later than 1 year" appears dozens of times in the bill.

Who will chair the SEC and the CFTC, and how they respond to industry feedback during the notice-and-comment phase, will determine the final structure of these regulations. What we see today is the skeleton; the muscles will take 12 to 18 months to grow.

ending

Let's go back to this morning's markup.

Even if it passes the committee smoothly, the bill still needs to go through a full Senate vote, be merged with the Agriculture Committee version, be reconciled with the House version, return to both houses for a vote, and finally be sent to the president for signature—any one of these steps could change the form of the provisions.

Polymarket has recently given a 60-70% probability that "CLARITY will be signed into law in 2026".

But even if the final legal text differs from today's draft, this 309-page text itself has already done its most important work:

It changed the language of the nationwide debate on encryption policy from "Is this a security?" to "At what level should it be disclosed, by whom should it be regulated, and by what standards should it be compliant?"

Ten years ago, regulating this industry relied on "regulation by enforcement," five years ago it relied on "regulation by ambiguity," and now it is finally moving towards "regulation by statute."

What practitioners should pay most attention to is not any specific exemption, but the fact that the language of the game has changed. As for where this game will ultimately lead, no one can give an answer now—that's precisely what makes it so interesting.