Skip to content

Upon the Conviction of the Villain Sam Bankman-Fried


Raúl Carrillo (@RaulACarrillo) is an Academic Fellow at Columbia Law School and the former Deputy Director of the LPE Project.

Roughly one year ago, following an ill-timed Twitter beef with a competitor, the billionaire Sam Bankman-Fried watched his empire collapse. “SBF” declared bankruptcy for most of his 140 companies, including FTX, one of the world’s largest cryptocurrency trading platforms and once valued at $32 billion. Customers, creditors, and shareholders, including the Ontario Teachers’ Pension Plan, took the hit. The implosion revealed that SBF and his fellow executives had stolen over $8 billion in customer funds to speculate, enrich themselves, and win political influence. Three weeks ago, in the U.S. Southern District of New York, many people got what they wanted: after just four hours of deliberations, a jury found SBF guilty of seven counts of criminal activity (wire fraud, securities fraud, commodities fraud, and money laundering), which together carry a maximum sentence of 110 years. 

I feel nothing. Schadenfreude fades. This isn’t a victory for the government, much less “the people,” by any meaningful metric. Indeed, for at least three years, Bankman-Fried won. He hacked D.C. as regulators, policymakers, investigative journalists, foundations, and too many young progressives treated him as a boy-wonder Robin Hood. They uncritically accepted his claims that he merely hoped to achieve the most good, which required extraction today but redistribution tomorrow (or, if not tomorrow, any day now). 

The tech mystique was undoubtedly part of the con. Distributed ledger technology (of which blockchain is the most popular form) now comprises the payments, information, and communications infrastructure of many different organizational enterprises, but most critically, the cryptocurrency and broader digital asset industry. “On the chain,” true believers try to craft the building blocks of economic systems. Most obviously, they try to create something resembling money, a task of sorcery and violence at any level. Companies operating in a nominal vacuum of public law grapple with market governance, managing labor and competition. To address fraud and money laundering, but also the trafficking of arms and humans, they sometimes negotiate terms of surveillance, discipline, and punishment with government intelligence agencies. On the chain, we find nightmares of immortal property and unbreachable contract. We also find dreams of cooperation and shared abundance. 

Yet in executing “one of the biggest financial frauds in American history,” SBF deployed this putatively decentralized tech to not just build outward from U.S. space and power but inward, capturing U.S. political institutions with astounding ease and speed. While SBF flew the Skull & Crossbones at his headquarters in The Bahamas, he flew the Stars & Stripes at the capitol. He conned regulators, cops, and Congress. He didn’t succeed despite the law—he succeeded because of it. 

Here, I map how SBF exploited a financial regulatory system stuck in older ways of thinking, increasingly incapable of preventing illicit finance in the platform economy. The SBF scandal demonstrates several critical ways in which not only specific agencies, but the system itself, is underprepared for the power of new, arcane networks, platforms, and utilities. To prevent such predation in the future, I argue, LPE must help accelerate the turn to proactive planning, including via day-to-day, direct surveillance of major financial institutions. 


As Saule Omarova has argued, New Dealers envisioned a modern regulatory system that would ensure financial markets strive to serve public needs, including through protection from abusive practices. However, their model assumed a coherent set of government agencies, each tied to a clearly identified entity-based licensing regime, regulating industry-specific financial products and activities. This idealized paradigm is now corroded, in no small part thanks to the rise of new financial technologies.

Today, the bodies tasked with governing finance include nearly two dozen departments, instrumentalities, agencies, boards, councils, and commissions, with substantively distinct mandates, funding structures, jurisprudential constraints, organizational priorities, personnel, and cultures. In this dysfunctional matrix, evading legibility and jurisdiction is easy, and corporations build in the fissures and shadows of the system. In particular, financial technology companies “unbundle” cognizable components, products, and functions of “legacy” financial institutions and then rearrange and distribute them among a network of corporations, many across international borders, evading substantive regulation and supervision (and criminal referrals). Beyond this macroscopic regulatory failure, the agencies themselves suffer from critical weaknesses: many agencies are institutionally “paranoid,” they compete for industry favor, and the scarcity of relevant expertise means a revolving door stays spinning. 

In the wake of these regulatory limitations, policymakers in both parties have turned to criminal law enforcement as an alternative solution. As I’ve argued elsewhere, there is still a loose consensus that the government is responsible for maintaining “financial integrity,” specifically by maximizing data collection to detect “bugs,” including fraud and money laundering. However, the DOJ brings few cases against major financial institutions, usually upon regulatory referral and generally resulting in Deferred Prosecution Agreements. The Treasury, meanwhile, has explicit, expansive authority to surveil the U.S. financial system for illicit flows, which it has used to create a criminal dragnet.

However, instead of focusing on financial institutions, the Treasury deputizes financial institutions to monitor clients and customers and report suspicious activity to the Financial Crimes Enforcement Network (FinCEN). FinCEN then shares these reports with over 165 federal, state, and local agencies and private sector partners (chiefly Palantir). However, as the legal regime immunizes financial institutions from civil liability for most illicit flows so long as they file the appropriate reports, it incentivizes (often automated) mass filing of questionable utility. In fact, as I’ve argued, one of the most evident upshots of these dragnets is to unjustly harm everyday people, especially immigrants and people with criminal records. Yet even progressive policymakers, unable to pass new legislation, lean into law enforcement and national security chauvinism under the desperate presumption that “something must be done.” This approach fits comfortably within both the New Deal and neoliberal security paradigms

But maximizing data collection is not the same as cultivating information, knowledge, or understanding of businesses. Mass surveillance fails to address the core ecological dynamics. Based on his experiences as a regulator during the Savings & Loan Crisis, Bill Black coined the term “control fraud” to describe how executives can weaponize accounting to loot companies. At the time, law and economics scholars, including Frank Easterbrook and Richard Posner, argued that institutional fraud rarely occurs, but when it happens, “private market discipline” will reveal it in due time, and so there is little need for fraud prevention by governments. Black argued that this sort of thinking is how we get fraud in the first place. CEOs manipulate or create “black holes” in the regulatory universe. They then pull in other executives, accountants, and auditors. Eventually, they suck in competitors; in the maw, “bad money” drives out “good money” as those who break the law prosper, often extending the life of bubbles until they burst and reveal the frauds, causing severe economic harm to the public. A vacuum of regulation renders a criminogenic business environment.


SBF mastered this environment. In 2017, he founded a hedge fund (Alameda Research) in Hong Kong to evade U.S. tax, banking, and securities law while “starting up.” In 2019, he introduced a Bahamas-based trading platform ( and, in 2020, a U.S.-based trading platform ( — both quasi-utilities for the digital asset sector. To build the platforms, SBF disassembled and reassembled components, functions, products, and services of stock exchanges and broker-dealers into unfamiliar forms. From the start, he used the platforms’ profitability to prop up the hedge fund. Through this corporate empire, he intermediated business and customer interactions, trading according to data generated through the ecosystem. Crudely, imagine if the head of the New York Stock Exchange and 139 other companies also issued, sold, lent, and traded his own stock, which he called a “currency,” which he traded on the exchange, which you could also keep in his app where he could collect your data, and “borrow” your money to place bets with his hedge fund. 

Nevertheless, like the rest of the industry, SBF successfully wielded claims of decentralization to diffuse and disintegrate liability. On the chain, no one is responsible for anything! He never even bothered to create real internal controls or keep standardized books. He kept eight “alternative” balance sheets on Google Sheets. In October 2021, he gave potential FTX investors an unaudited balance sheet showing a single bank account containing less than $1.5 million. The collapse would reveal approximately 216 bank accounts at 36 banks worldwide, some of which had unknown balances.

It beggars belief to think no one suspected fraud. But no one took action, and SBF set the course. Bankman-Fried probed each agency, identifying the apertures in jurisdictional reach and deficiencies in institutional capacity and risk appetite. SBF registered FTX.US with FinCEN and state money transmitter regulators, subjecting it to the laws (barely) regulating Western Union. He purchased one small company regulated by the Commodity Futures Trading Commission (CFTC), rebranded as “FTX US Derivatives,” and two small companies regulated by the Securities Exchange Commission (SEC), branded as “FTX Capital Markets” & “Embed Clearing.” He claimed, however, that the CFTC–the smaller and weaker of the two regulators–should be the primary regulator for all things crypto. Why? The CFTC is funded entirely by Congressional appropriations. And SBF intended to ensure Congress was pro-crypto.

As SBF’s bipartisan lobbying campaign burned down The Hill, progressives rallied around the SEC as the proper overseer. Had the SEC established jurisdiction and moved quickly, it might have enforced notice-and-disclosure rules, some risk management procedures, audit requirements, and third-party custody of client funds. It might have even attempted to break the U.S. platform into familiar entities. However, whether any of these measures could have stopped the disaster is unclear. The SEC’s supervisory powers would likely be limited to ex-post investigations based on complaints and allegations. It would still face international jurisdictional fights. Core financial dynamics (like the broader chaos of token and securities lending) would persist. The engineers could have still used proprietary software to steal funds.

Although SEC Chair Gary Gensler maintains “time-tested” securities laws (rooted in the Great Depression) can sufficiently govern the digital asset sector, only now, after FTX has collapsed and the SEC has taken action against over 100 smaller companies, are regulators taking necessary (if deeply insufficient) action against the most significant remaining trading platforms—Binance, Coinbase, and Kraken. Meanwhile, Tether, a “stablecoin” issuer and the backbone of the sector, valued at $55 billion, is still in a black hole. Some reformers have argued governments should impose banking regulation and supervision on stablecoin issuers before more become transnational money laundering enterprises, but there seems to be little political appetite to do so. 


We need to reset. As Julie Cohen warns, too often, we try to regulate with an industrial-era toolkit. Indeed, Cohen highlights blockchain as the “ultimate example” of “financial dematerialization and datafication” challenging the regulatory state. But the problem isn’t just blockchain—it’s whatever the next tech thing is. Dystopian scenarios are “finance fiction” until they aren’t. The challenge is to see around the corner despite radical uncertainty. 

Most obviously, Silicon Valley does not care about the SBF verdict. They have been busy building a far more lucrative world, prioritizing data collection rather than money per se. Before the collapse, SBF saw the limits of his business model and belatedly joined the race to build “super apps,” one-stop shops for financial services, taxes, benefits, shopping, games, and more. Mark Zuckerberg crashed and burned trying to create a “parallel financial services system.” Elon Musk (originally a payments pioneer) is launching his own attempt (perhaps using his satellites). More patient, sophisticated tech titans will follow. They will exploit the black hole of digital privacy, security, and data governance to extract from consumers rather than investors. They will hurt more vulnerable people as they tout the “democratization of finance” and target products at the poor, especially poor people of color, especially in the Majority World.

We are ill-prepared for what is to come. What does “financial integrity” actually mean now? What about “security,” “protection,” “stability,” or “safety and soundness?” There are no easy answers, but like the Silicon Valley Bank collapse, the SBF scandal at least signals that LPE should advocate for a systemic shift from reactive enforcement and rulemaking to proactive planning, including direct, day-to-day supervision, on-site examination, auditing, and standard-setting. For deterrence, consistent interdiction is more important than severe punishment. And just as scholars have argued for a focus on institutional supervision to promote financial stability, we should also use supervision to protect everyday consumers and investors. While such supervisors, which do not rely on reactive adjudication but on consistent oversight, currently exist at chartered banks (examiners may work day in and day out, on-site, at offices and desks, monitoring for violations) other agencies supervise institutions to a more limited extent or not at all. Although the Dodd-Frank Act (passed after the Global Financial Crisis of 2008-2009) enables regulators to supervise more “systemically important” financial institutions and utilities regardless of corporate form, regulators have not extended coverage far enough (and courts have not helped). Finally, and most importantly, in addition to rethinking regulation, we must embrace innovation and create “public fintech” systems to render the predators obsolete. 

There are, of course, even deeper political problems to address as well. In its original indictment, the DOJ alleged that SBF, one of the largest publicly reported donors for the 2022 midterm elections, also worked with co-conspirators to use stolen customer funds “to try to purchase influence over cryptocurrency regulation in Washington, D.C. by steering tens of millions of dollars of illegal campaign contributions to both Democrats and Republicans.” However, the DOJ dropped the campaign finance charge upon SBF’s motion to dismiss and an objection from The Bahamas. There may be a second trial for additional fraud. In any case, when SBF goes to prison, we will still lack an honest accounting of how he took advantage of our campaign finance laws–apparently the site of another regulatory black hole.

In his closing arguments of the SBF trial, the Assistant U.S. Attorney emphasized the case was not about crypto: “It’s about lies. It’s about stealing, greed.” That’s a predictable prosecutorial decree but an unacceptable LPE conclusion. It was about crypto. It was about the nexus between law and technology. It was about a system-wide breakdown in basic governance and our urgent need to reset for the future.