[JumpCrisscross]

> they will not provide any written guidelines for their positions

They legally can't. That's rulemaking. There are formal processes for government agencies issuing binding guidance.

There is a real problem with ambiguous laws. But asking the SEC to be your lawyer is a bit of a fool's errand. Coinbase absolutely knew they were breaking the law when they set out; they, and the rest of crypto, just hoped they could change it before they got caught.

[hef19898]

While I have no experience in dealing with the SEC, I do in dealing with EASA and SOX audits. One common theme, both give you the barebone rules as written, and it is up to you to figure out how to follow them. In case of EASA, you define your own processes, and auditors sign off on those. You can hire external consultants to help you, but in the end it is your responsibility.

In case of SOX, you are required to have one company doing the prep work (processes, controls, internal "audits") with you, while another company does the formal audots and signs of on the balance sheets and financiap results. The latter wont give you any guidance neither when it comes to how compliance can be achieved.

And in both cases, there are always people that refuse to accept the well established guiderails and limits, when those are explained to them. Excuses range from inconvenient to I-do-not-want-to to "but what about innovation". Which is just bonkers, because both, SOX and EASA basically allow you to write your own internal rule book, and still people are not happy. It seems following rules is just below some people and their egos. Not that auditors care so.