Senator Cynthia Lummis is doubling down on her defense of the Digital Asset Market Clarity Act, known as the CLARITY Act, as a core dispute over how far federal law should reach into decentralized finance software development breaks into the open.
At the heart of the fight is a simple but pivotal question: when does writing code for non-custodial crypto tools make someone a “money transmitter” under US law – and therefore subject to Bank Secrecy Act rules, including full-scale KYC compliance?
A Conviction That Changed the Stakes
The debate is not academic. In August 2025, Roman Storm, co‑founder of Tornado Cash, a popular cryptocurrency mixing protocol, was convicted on conspiracy charges tied to operating an unlicensed money-transmitting business.
The verdict sent shockwaves through the crypto developer world. Many engineers who had long believed that publishing open-source, non-custodial software kept them outside money-transmitter frameworks suddenly saw how prosecutors might argue otherwise. Legal definitions that once felt remote and theoretical became urgent and personal.
That case – along with a handful of similar enforcement actions – now looms over legislative negotiations in Washington. For builders and investors in DeFi, the outcome could determine whether writing and deploying smart contracts exposes them to the same obligations as banks and payment processors.
The CLARITY Act Moves to Center Stage
The CLARITY Act has been pitched as the vehicle that will finally give the digital asset industry a predictable framework. Among its key promises: clear boundaries for developers who build tools that never take custody of user funds.
Section 604 of the bill explicitly incorporates language from the Blockchain Regulatory Certainty Act (BRCA). The BRCA’s central idea is straightforward: if you design or publish software but never hold, control, or have access to customer assets, you should not be treated as a financial institution or money transmitter.
This carve-out is critical for DeFi, where protocols are often designed so that users retain control of their own keys and assets, interacting directly with smart contracts rather than relying on a custodian.
Chervinsky’s Warning: A Hidden Trap in Title 3
Prominent crypto attorney Jake Chervinsky is not convinced the CLARITY Act delivers what it promises. His concern is focused on Title 3 of the Senate Banking Committee draft.
According to his reading, the money-transmitter definitions in that section are written broadly enough that they could still sweep non-custodial software developers into Bank Secrecy Act territory. In practical terms, that would mean subjecting them to anti-money laundering and know-your-customer obligations, the very outcome the BRCA language is supposed to prevent.
Chervinsky argues that if the bill simultaneously incorporates the BRCA while introducing new, ambiguous language that expands who counts as a money transmitter, the protection for developers becomes hollow. In his view, those conflicting provisions would “undermine” the BRCA and leave DeFi builders exposed to regulatory risk – or at minimum, years of litigation over how the law should be interpreted.
He has called preventing misclassification of non-custodial developers “non‑negotiable” for the DeFi ecosystem and insists that, as drafted, the issue remains unresolved.
Lummis Pushes Back: “Strongest Protection Ever”
Senator Lummis, a leading Republican voice on digital asset legislation, has publicly rejected the criticism. She says recent bipartisan revisions to Title 3 strengthen, rather than weaken, protections for developers.
In public statements, she has urged observers not to buy into what she characterizes as fear, uncertainty, and doubt, insisting that the updated language in Title 3 makes the CLARITY Act “the strongest protection for DeFi and developers ever enacted.” From her perspective, the bill must pass precisely so those safeguards can take effect.
However, the latest negotiated text she references has not yet been released in full. Earlier versions of the CLARITY Act were available, but the newest bipartisan compromises – including the revised Title 3 language – are still behind closed doors. That means outside lawyers and developers cannot yet verify whether the concerns raised by Chervinsky have been addressed.
Until the updated draft is made public, the clash essentially comes down to competing interpretations of unseen text: a senator’s assurance that the bill is safe for DeFi versus an attorney’s warning that the details may tell a different story.
Stablecoins in the Spotlight, Developers in the Background
Complicating matters, much of the public and political attention around the CLARITY Act has focused on its stablecoin provisions. Bipartisan progress on issues like interest or rewards paid on stablecoin balances has driven the bill closer to a formal markup in the Senate Banking Committee, expected sometime in April.
Those elements matter for markets, but they are not what keeps open-source developers awake at night. Chervinsky and others argue that the quieter, less publicized definitions in Title 3 could reshape the legal risk attached to non-custodial wallets, DeFi interfaces, and protocol frontends.
As the stablecoin debate dominates headlines, the developer-protection fight risks being overshadowed – even though its outcome may determine whether the next Tornado Cash-style prosecution is more or less likely.
Why the “Money Transmitter” Label Matters So Much
Under US law, being classified as a money transmitter triggers registration, reporting, and KYC obligations. These requirements were built for businesses that take custody of funds and move money on behalf of customers: banks, payment processors, remittance companies.
Non-custodial software, by design, is supposed to avoid that role. A self-custody wallet, for example, gives users the tools to sign and broadcast their own transactions, without the wallet provider ever holding the assets. A smart contract interface allows users to interact with code that lives on a blockchain, but the operator of the website may never touch the underlying tokens.
If such tools are still deemed “money transmission,” developers could be forced to collect sensitive personal data, maintain compliance programs, and face criminal liability for failures – even though they never possess customer funds. For small, open-source teams, that expectation is close to impossible to meet.
The Roman Storm case demonstrated how prosecutors might argue that building and maintaining infrastructure used for mixing or obfuscating funds can constitute running an unlicensed money-transmitting business, particularly when the service is framed as facilitating transfers for others. That line of reasoning is exactly what many DeFi builders want Congress to clearly reject.
The Core Legal Tension Inside the CLARITY Act
The CLARITY Act attempts to tackle two things at once:
1. Bring digital asset markets more firmly under existing financial regulatory frameworks.
2. Provide assurances that certain kinds of software development will not, by themselves, trigger full financial-institution compliance.
The tension lies in how these goals interact. Very broad, technology-neutral definitions of “money transmission” appeal to regulators and enforcement agencies who want flexibility to chase bad actors. But the broader those definitions become, the harder it is to carve out protections for non-custodial code without creating loopholes.
Section 604’s incorporation of the BRCA is meant to draw that line: no custody, no money-transmitter status. Chervinsky’s argument is that other language in Title 3 blurs the line by focusing on “facilitating” or “arranging” transfers, which could easily be read to cover DeFi interfaces, routers, or even some smart contract deployers.
If that reading holds, the nominal BRCA protection might exist on paper but be neutralized in practice, as regulators point to competing statutory text to justify aggressive enforcement.
What Developers Should Watch For in the Final Text
Until the revised bill is published, developers and legal teams are essentially waiting to see which side of the argument the final language supports. Key questions they will be asking include:
– Does the statute clearly state that merely publishing, maintaining, or improving non-custodial, open-source code is not money transmission?
– Are there any “facilitation” or “arrangement” clauses that could be interpreted to override BRCA-style protections?
– Is the definition of “control” of digital assets precise, or could operating a user interface or API be considered a form of control?
– Are exceptions and safe harbors broad enough to cover typical DeFi architectures, including aggregators, frontends, and non-custodial liquidity tools?
The answers will influence not only legal risk but also where new projects choose to incorporate, how open their codebases remain, and whether US-based developers feel comfortable working on high-profile DeFi protocols.
Implications for the Future of DeFi in the United States
If the CLARITY Act, once finalized, is widely seen as protecting non-custodial developers, it could mark a turning point. Clear boundaries might encourage more institutional participation, spur investment in compliant DeFi infrastructure, and reduce the fear that writing code could suddenly be reinterpreted as operating an unlicensed financial business.
On the other hand, if the final text leaves room for expansive interpretations of “money transmission” that encompass non-custodial software, the likely result would be more fragmentation. Developers might move abroad, anonymize their work, or avoid the most innovative – and controversial – protocol designs. US jurisdiction could become a red flag for cutting-edge DeFi projects rather than a seal of legitimacy.
The Roman Storm case serves as a stark reminder that absent explicit statutory clarity, prosecutors and regulators will continue to test the limits of existing law against new technologies.
A Regulatory Crossroads
For now, the industry is caught between two signals: a high-profile conviction suggesting that writing and running DeFi infrastructure can carry severe criminal risk, and a flagship legislative effort that promises protection but has yet to reveal its final language.
As the CLARITY Act advances toward a Senate Banking Committee markup, the debate between Senator Lummis and Jake Chervinsky captures a broader crossroads for US digital asset policy: whether Washington can craft rules that meaningfully target custodial intermediaries and bad actors without unintentionally criminalizing the open-source code that powers decentralized finance.
Until the negotiated Title 3 language is released, developers, investors, and policy watchers are left to weigh the promise of clarity against the possibility that, in practice, little may change for those who build the tools at the heart of DeFi.