DeFi is a new financial paradigm that generates significant benefits. As of September 2021, DeFi transactions were funded by no less than USD 88.7 billion. The risks associated with DeFi are also significant and amplified by its unregulated environment.
Since 2017, the evolution of the crypto industry has shown that a regulatory approach that can provide certainty to the private sector, support innovation, and mitigate money laundering and investors’ risk can boost cryptocurrencies adoption. The same holds true for decentralised finance (DeFi). The critical question is how to regulate DeFi. In this context, the current debate in the US suggests that the enforcement approach – the application of financial laws to DeFi – is ill-suited to achieve the intended goal, because it is built on the concept of centralised intermediary – which per definition is absent in DeFi.
A prudential regulatory approach focused on setting risk control and capital or liquidity boundaries on the private sector and actors, may be more conducive to the intended outcome, particularly when informed by a principle-based regulation. It will require a proactive stance from the DeFi sector and actors. Embedding RegTech solutions in smart contracts may constitute a constructive opportunity going forward.
What is DeFi?
DeFi is the abbreviation for Decentralised Finance, that is, DeFi denotes finance without financial intermediaries. It takes the form of blockchain-based open-source protocols that allow individuals to perform peer-to-peer financial transactions. The transactions are implemented by smart contracts (computer programs that execute transactions in an autonomous way) that rely on cryptocurrencies, particularly stablecoins. The parties keep complete control of their assets via privately managed digital wallets. Hence, DeFi does not involve service providers either. In some cases, the parties are rewarded by the DeFi protocols with governance tokens, which are earned in exchange of engaging with the system and conducting transactions. The main categories of financial services made available through DeFi include exchanges (the trading of digital assets), derivatives trading, credit or lending, and asset management.
DeFi is full of risks. Operational risks include human (user) errors, smart contract vulnerabilities, hacking and cyberattacks, information technology failures, and various types of technological threats. Investors' risks involve misleading information; frauds; a complete absence of consumer protection rules, including, more broadly, all types of risk mitigations associated with transacting with regulated financial intermediaries; and related controls and insurances. Asset risks are akin to the risks associated with cryptocurrencies and are observed in terms of heightened price volatility. Regulatory risk takes the form of the absence of recourse, given the unregulated nature of DeFi.
DeFi generates significant benefits when compared to traditional finance. The DeFi applications improve the availability and inclusiveness of financial services. Services are delivered more efficiently through disintermediation and complete digitisation. Services are available 24/7, borderless. Their usage is comparatively easy due to high automation. The services provided have low entry costs for offerors and low operating costs for users. DeFi expands the possibilities of crypto assets and their scope, thereby consolidating their role as a new asset class. DeFi services also deliver the benefit of blockchain technology, in particular transparency.
In October 2020, the US Securities and Exchange Commission (SEC) emphasised on DeFi when discussing significant trends in the blockchain and crypto space and noted the challenges faced by the prevailing US regulatory structure. By February 2021, it became clear to the SEC that the US federal regulators were required to address DeFi and provide both legal clarity and the freedom to experiment so that DeFi can compete with CeFi (Centralised Finance) to offer investors financial services. Japan's Financial Services Agency also emphasised the importance of formulating regulatory rules for DeFi in July 2021.
In March 2021, the Financial Action Task Force (FATF) issued an update to its 2019 Guidance on the risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs) for consultation. The consultation was concluded on 20 April 2021; the final revised Guidance will be issued in October 2021. The goal of the proposed updates is to broaden the definition of VA and extend the definition of VASP to ensure that all digital financial assets - including those transacted via DeFi - are captured by FATF standards.
DeFi in the United States
Recently, the regulatory discussion on DeFi intensified in the US. The Chairman of the SEC intervened multiple times to reiterate the financial regulation's core public policy goals - focused on the investors' and consumers' protection, fighting illicit economic activities, and ensuring financial stability - even though the latter has not posed as a risk to the crypto industry yet. The SEC believes that investors’ protection is lacking in the crypto space, and there particularly exists a material gap in DeFi. Accordingly, the SEC has requested the Congress for additional authorities to prevent transactions, products, and platforms from falling between regulatory cracks and more resources to protect investors in this growing and volatile sector.
Reportedly, the SEC has also taken concrete actions towards the entities associated with DeFi applications. Allegedly, the SEC has opened an investigation against Uniswap Labs - the main developer of the leading decentralised crypto trading protocol. The investigation would be focused on establishing how investors use Uniswap and how it is marketed. The SEC recently re-affirmed the commitment to get any platform implicated by the securities laws to work within the prevailing regime, independently from the platform being decentralized or centralized.
The DeFi challenge
Regulators should provide certainty to the private sector actors and mitigate Anti-money Laundering (AML) and the investors' risks without suffocating the nascent industry. If the regulators succeed in this endeavour, the adoption of DeFi would be promoted, delivering its benefits in a risk-controlled way. Attempting to regulate DeFi by enforcing the existing financial regulation may not be the most conducive way. As a case in point, regarding the situation prevailing in the US, Matt Levine explains that replacing "smart contract" with a "person" in the description of DeFi would be equivalent to describing an investment contract (security) subject to the SEC regulation. However, not replacing "smart contract" with a "person" in the description of DeFi, makes it most difficult to argue that the SEC regulation applies. The author concludes that there is some genuine novelty in DeFi and it is really unlike the sorts of securities offerings that were on Congress's mind when it passed the core U.S. securities laws in the 1930s. The regulatory challenge raised by DeFi is that the existing financial regulations are predicated on the existence of financial intermediaries. Accordingly, regulating DeFi through enforcement - applying existing financial laws to DeFi - is going to be much harder than regulating DeFi prudentially in the context of principle-based regulation.
In conclusion, it is in the interest of the DeFi industry to work together and proactively with the regulatory authorities because such cooperation is a precondition for the innovative space to grow, be widely adopted, and generate benefits to the mass while ensuring the presence of AML controls and investors' protection. The critical question is how to regulate DeFi. The enforcement approach - that is, the application of traditional detailed financial laws to DeFi - appears to be a difficult way to achieve the intended goal. The prudential regulatory process - focused on setting risk control and capital or liquidity boundaries on the private sector and actors - may be more conducive to the intended goal, particularly when based on a principle-based regulation. However, DeFi is antithetical to centralised intermediation. Therefore, the DeFi sector and actors need to be proactive and work together with the regulators. Regulators also need to be innovative. Embedding RegTech solutions in smart contracts may be a constructive way forward.
DeFi is a new financial paradigm that carries not only several potential benefits but also material risks. Therefore, its regulation is unavoidable to get its services broadly adopted. Regulating DeFi is complicated because the fundamental proposition of financial regulation is the existence of financial intermediaries; however, as per the definition, DeFi excludes such intermediaries. Accordingly, a new regulatory approach that does not assume the existence of a centralised intermediary is needed, which involves cooperation between the private and official sectors. Principle-based legislative frameworks are likely to accommodate DeFi better than detailed regulatory structures. A prudential regulatory approach will succeed better than an enforcement approach to regulating DeFi. Finally, the highly automated nature of the smart contracts that lie at the core of DeFi protocols may present a regulatory opportunity in terms of RegTech in the form of automated compliance programs.