The CFTC Just Drew a Line Between Wallets and Brokers: Here’s What It Actually Says

CFTC Letter No. 26-09: No-Action Relief for Phantom Technologies Redefines the TSV Framework and Signals a Regulatory Path for the Entire Non-Custodial Software Stack

TLDR

• The Letter: CFTC Letter No. 26-09 grants Phantom Technologies no-action relief from broker registration under CEA Section 4d(g) and associated person registration under Section 4(k), subject to ten specific conditions. Phantom can develop and distribute front-end software enabling users to trade event contracts, perpetual contracts, and other CFTC-regulated derivatives through registered DCMs, FCMs, and IBs (“Collaborators”) without itself registering as an Introducing Broker (IB).
• Why It Matters: This expands and builds upon the old Technology Service Vendor (TSV) letters. The letter permits Phantom to do things the TSV framework explicitly prohibited: introduce users to specific Collaborators, receive revenue shares tied to trading activity, and charge transaction-based fees to users. The CFTC seems to be saying that a wallet provider can have a commercial relationship with the venues it connects users to and still not be a broker, so long as it meets the enumerated conditions.
• The Bigger Picture: The letter explicitly states it applies “until the effective date of a Commission rulemaking or guidance” on IB registration for software providers. That language links directly to Chair Selig’s March 10 directive to staff.
• The Conditions: Ten of them, and they are not boilerplate. They include joint and several liability undertakings with each Collaborator, NFA-compliant communications policies, risk disclosures, recordkeeping, and consent to CFTC jurisdiction. This is regulatory relief with real teeth, and if builders and investors want to take advantage they need to work with their legal teams to ensure actual compliance.

1. Beyond the TSV Letters: What Changed and Why It Matters

To understand what the CFTC just did, you need to understand the framework it replaced. For nearly two decades, the CFTC’s approach to technology intermediaries in derivatives markets has been governed by a series of interpretive letters issued to TSVs. Those letters, issued between 2006 and 2008, established six conditions under which a software provider could facilitate access to derivatives markets without registering as an introducing broker.

The TSV framework worked, but it was built for a different era. Its requirements assumed a world where technology vendors were passive pipes connecting customers who already had relationships with their FCMs or IBs. The vendor could not recommend a particular FCM, could not receive compensation from the FCM, and could not produce buy/sell signals. In crypto, where the wallet is the primary user interface and often the first point of contact between a user and a trading venue, those assumptions break down.

Phantom’s proposed activities deliberately cross several TSV bright lines. Under the letter, Phantom will: (a) introduce and solicit users to specific Collaborators, even where no pre-existing relationship exists; (b) contract with Collaborators for revenue-sharing arrangements tied to user trading activity; (c) charge transaction-based fees directly to users; and (d) market specific derivatives products (event contracts, perpetual contracts) and the availability of specific Collaborators.

Why this departure matters: The TSV letters created a safe harbor that most crypto wallets could not realistically fit within. The Phantom letter creates one they can. By permitting commercial alignment between the wallet and the venue, including revenue sharing, the CFTC acknowledges the economic reality of how crypto distribution works. The wallet is not just the pipes of 2008; it is a distribution channel. And that, the CFTC is saying, is acceptable so long as the wallet does not cross into brokerage.

2. The Bright Line: What Phantom Can and Cannot Do

The letter’s analytical framework turns on a specific set of functional constraints. Phantom’s involvement in order submission is limited to “passively providing software” via mobile app or browser extension that enables the user to transmit orders directly to Collaborators. At no point will Phantom:

• Have affirmative involvement with any particular order;
• Hold, control, or take into custody user assets;
• Generate express “buy” or “sell” signals; or
• Exercise discretion with respect to the routing or execution of user orders.

The user’s funds and positions remain in custody with the DCM derivatives clearing organization (DCO) and/or an FCM that is a member of that DCO. The letter describes this as a “custodial model of trading” consistent with existing exchange-traded derivatives market structure. Phantom is the interface layer. The regulated entities handle clearing, custody, and execution.

What Phantom can do is notable. It can market its services and relationships with Collaborators, promote the availability of specific derivatives contracts, introduce users to specific Collaborators (users need not have a pre-existing relationship), and charge both transaction-based fees to users and receive revenue shares from Collaborators. Its personnel can discuss and demonstrate the software at conferences and on social media, subject to Phantom's pre-approval and supervision.

A critical scope limitation: Phantom itself has emphasized that this relief applies specifically to a “custodial model with a registered exchange partner” and “does not cover DeFi derivatives or tokenized prediction markets.” That distinction matters. The letter provides a path for wallets that connect users to registered, centralized venues. It does not provide cover for wallets that connect users to decentralized protocols or on-chain prediction markets operating outside the CFTC’s registered infrastructure. For the DeFi front-end layer, the registration question remains open, and it is the one Chair Selig’s forthcoming guidance will need to address.

Strategic takeaway: The CFTC is drawing the line at discretion and custody, not at commercial relationship. A wallet can have deep economic ties to the venues it connects users with. What it cannot do is exercise judgment over orders or hold user funds. That is the functional test. But the relief is bounded: registered venues only. DeFi is still TBD.

3. The Ten Conditions: Regulatory Relief With Real Teeth

The relief is conditioned on ten requirements, and they are worth reading carefully because they effectively define the compliance architecture any wallet provider seeking similar relief would need to build:

1. No statutory disqualification. Phantom, its principals (per 17 CFR 3.1), and any individual soliciting users must be free of statutory disqualification, with prompt notice to the CFTC if that status changes.
2. Conflict disclosures. Users must receive and acknowledge disclosures about Phantom’s relationship with each Collaborator, including potential conflicts of interest and fees.
3. Risk disclosures. Users must receive and acknowledge a risk disclosure statement consistent with 17 CFR 1.55(b), which Phantom can deliver via terms of service or onboarding documentation. Exception: not required where the Collaborator is already obligated to provide the same disclosure.
4. Independent user access. Users must be onboarded as direct members (for DCMs) or customers (for FCMs/IBs) and must be able to access the Collaborator independently of Phantom.
5. NFA-compliant communications. Phantom must adopt and enforce policies and procedures for public communications and marketing as if it were a registered IB, consistent with CFTC and NFA rules (including 7 U.S.C. 6b, 17 CFR 180.1, and NFA Compliance Rule 2-29).
6. No NFA pre-approval-required advertising. Phantom cannot engage in advertising or promo that would require NFA pre-approval under Rule 2-29 if Phantom were registered as an IB.
7. Joint and several liability. Phantom and each Collaborator must execute a written undertaking agreeing to joint and several liability for any violations of the CEA or Commission regulations when Phantom or its personnel engage in the Proposed Activities with or on behalf of that Collaborator. Both must consent to CFTC jurisdiction for enforcement.
8. Recordkeeping. Phantom must maintain records of its compliance and Commission-regulated business activity consistent with 17 CFR 1.31.
9. Insolvency notice. Phantom must promptly notify the Division if it becomes insolvent or enters a bankruptcy proceeding.
10. Consent to jurisdiction. Phantom must file a notice agreeing to satisfy all conditions and consenting to CFTC jurisdiction for investigation and enforcement in connection with the Proposed Activities.

Acting like an IB. As you can see, while Phantom will not need to register as an IB, its compliance requirements will look an awful lot as if Phantom had, and that requires real legal and regulatory expertise.

Serious Potential Liability. Joint and several liability with each Collaborator is a serious undertaking. It means that if Phantom's marketing or user-facing conduct violates the CEA, the registered venue is on the hook too, and vice versa. This creates a built-in accountability mechanism: the Collaborators have every incentive to police Phantom's conduct, and Phantom has every incentive to stay within the lines. For this to work, companies like Phantom will need robust compliance programs to satisfy their Collaborators.

4. The Expiration Clause: This Is a Bridge, Not a Destination

The letter contains a critical temporal qualifier: MPD’s no-action position applies “until the effective date of a Commission rulemaking or guidance addressing the application of the IB registration requirement to software providers.” That language is a direct cross-reference to Chairman Selig’s March 10 directive to staff to provide guidance on intermediary registration for non-custodial software developers.

Read together, the picture is: Phantom gets company-specific relief now that can be used by similarly situated crypto companies. In the meantime, the CFTC will develop a broader framework for the entire category. The letter is a proof of concept. The forthcoming guidance will determine whether the analytical approach it embodies becomes the general rule or whether the CFTC takes a different direction.

Strategic takeaway: Companies building to this template need to stay engaged with the rulemaking process. The Phantom letter tells you where the CFTC’s thinking is today. The rulemaking will tell you where it lands.

What This Means for You

For wallet developers and DeFi front-end builders: The Phantom letter is a much needed roadmap, but read the conditions carefully. The architecture requirements (self-custody, passive order transmission, no discretion) are table stakes. The compliance requirements (NFA-standard communications policies, risk disclosures, recordkeeping per 17 CFR 1.31) are where the real legal, regulatory, and compliance work is. And Condition 7, joint and several liability with your venue partners, is a structural commitment that will require sophisticated legal agreements. If your product fits this model, consider seeking your own no-action relief or, at minimum, structuring your compliance program to mirror these conditions in anticipation of the forthcoming broader guidance.

For registered intermediaries (FCMs, IBs, DCMs): Wallet providers are now officially potential distribution partners, not registration liabilities. But the joint liability undertaking means you need to diligence their compliance infrastructure before signing on. Expect inbound partnership interest; build your evaluation criteria now.

For investors and funds: The regulatory risk discount on non-custodial wallet plays has narrowed. This is still a no-action letter, not a rule, and it is explicitly a bridge to forthcoming guidance. But it significantly clarifies the CFTC’s analytical framework. Diligence on portfolio companies should now include whether they have (a) engaged the CFTC and SEC proactively, (b) built compliance architecture that mirrors these ten conditions, and (c) secured or are seeking their own relief.

The CFTC is not handing out free passes. It is defining, with much sought-after precision, the terms under which the crypto wallets can operate alongside regulated derivatives markets without itself becoming a regulated intermediary. The conditions are demanding. The liability is shared. But the principle is now on paper, and it is the most important piece of regulatory infrastructure the crypto wallet ecosystem has received to date.

Please reach out to us to discuss more.

See CFTC Staff Letter 06-29; CFTC Staff Letter 08-07; CFTC Staff Letter 08-12 (collectively, the “TSV Letters”). These were issued by the Division of Clearing and Intermediary Oversight, a predecessor to MPD.

The TSV Letter Requirements were: (1) pre-existing customer-FCM/IB relationship independent of the TSV; (2) TSV would not recommend any particular FCM or IB; (3) no express buy/sell signals; (4) no soliciting or accepting orders for futures/options; (5) TSV fees not related to FCM/IB execution fees; and (6) no DCM or DTEF membership. Letters 06-29 and 08-27 also required no compensation from any customer's FCM or IB.

Phantom’s current business involves developing self-custodial crypto asset wallet software for Bitcoin, Ethereum, and Solana. The wallet enables users to generate and manage cryptographic credentials for viewing, storing, and conducting self-directed transactions, and provides a user interface for transmitting instructions to trading protocols and decentralized applications.

Letter No. 26-09 at 4. “Relevant personnel” includes employees discussing and demonstrating Phantom’s software at industry conferences and making promotional statements on social media, in each case subject to Phantom’s pre-approval and supervision.

Phantom Technologies, “” (Mar. 17, 2026). Phantom CEO Brandon Millman stated: “A critical part of making crypto safe and easy to use is building financial products that are governed by clear, common-sense regulations. When warranted, engaging regulators early to find compliant pathways for these new products produces better outcomes for our users, for the industry, and for regulators themselves.”

The letter explicitly notes that this relief applies “until the effective date of a Commission rulemaking or guidance addressing the application of the IB registration requirement to software providers.” This language directly cross-references Chairman Selig’s March 10, 2026 remarks at the FIA Global Cleared Markets Conference, where he directed staff to provide guidance on intermediary registration for developers of non-custodial software systems.

CFTC Chairman Michael Selig, Remarks at FIA Global Cleared Markets Conference (Mar. 10, 2026).