DeFi: The Future of Finance?

Part of the fundamental concept of DeFi is the lack of a trusted intermediary. By its nature, this makes regulating it all the more difficult, despite the general consensus that the application of regulation should be technology-neutral. Regulators will need to grapple with whether the sector (or parts of it) need to be regulated and if so, how to do so. Traditional regulation focuses on the entities providing the service. In the DeFi context, we query whether regulators will seek to supervise those persons who create DApps (which could be tricky given the cross-border context and that a lone individual might create a DApp which goes viral), will create regulatory requirements that force DApps into more staid regulatory frameworks (in tension with their decentralised nature), or whether regulation might need a more fundamental re-think.

Consumer protection is at the forefront of most regulators’ minds and is one of the objectives of good regulation. DeFi tends to be permissionless and potentially accessible to all, including to those who might not fully understand the risks. Further, there are few intermediaries who fully understand DeFi and so any advice could be limited. Regulators will be mindful of the risks to retail investors of DeFi – in particular, complex products which might be leveraged or have an underlying which is very volatile.

One of the most immediate concerns relates to the potential for fraud and misleading promotions that capitalise on the public’s lack of familiarity with DeFi constructs. We expect early rulemaking to focus on misappropriation, conflicts of interest, misleading disclosures, misuse of information, and manipulative trading activities.

Another topic that will be on regulators’ minds will be the safety and security of DeFi protocols. Where a particular DeFi project has a large number of consumers (or rather, a high value of assets involved), cyber criminals are likely to be interested in exploiting weaknesses. It is not long since the DAO hack which resulted in the Ethereum hard-fork, where the DAO in question had vulnerabilities in its code. A variety of novel security risks are also emerging as DeFi proponents seek new mechanisms for interaction and exchange. Finally, in an increasingly decentralised world, questions will arise about responsibility and maintenance obligations pertaining to protocols. Thus, regulators will have concerns about familiar and wholly new risks associated with popular DeFi projects.

Despite the claimed move away from centralisation, it is possible that the operations and activities of DeFi protocols are governed by very small groups of developers or individuals. Regulators will want to ensure that responsibility for governance failings (which may lead to more costly failures and customer detriment) is appropriately allocated between the various parties. Legislators in a small number of jurisdictions have already started to create new rules to ensure that DAOs can be found liable for failings.

The decentralised nature of DeFi potentially allows persons to undertake financial transactions without a clear framework for the applicability of KYC requirements. Without a responsible entity (or a clear regulatory authority), it is unclear how suspicious activity reports will be determined and who these will be reported to. The Financial Action Task Force recently provided guidance on how DeFi and DApps are covered under the FATF Standards. This may form a blueprint for regulatory approaches to limiting the money laundering risks presented by DeFi. FATF noted that creators, owners and operators or other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralised, may fall under the FATF definition of a ‘virtual asset service provider’ (VASP). However, there may not be a central person that meets the definition of a VASP and countries should monitor for emerging risks in such situations.  

BIS is monitoring for the emergence of financial stability risks relating to DeFi. Although BIS has indicated that DeFi risks do not currently pose a wider financial stability threat, this could change quickly, and the position could be different in other jurisdictions. Compared to ordinary cryptoasset trading, the power that smart contracts have to automatically effect transactions without external input (and the ability of participants to take on leverage) could mean that a collapse of one participant could quickly lead to a broader contagion.