Regulatory Principles for Decentralised Finance (DeFi)
The cryptocurrency ecosystem in general, and the Decentralised Finance (DeFi) space in particular, has seen extraordinary growth over the last year. These developments have triggered increasing regulatory activity and scrutiny. It is crucial that the rapid growth of DeFi is well understood by authorities to adequately align their regulatory approaches to this space.
Overall, DeFi is still in an early phase of innovation and experimentation. The main risk from the regulatory side is premature regulation, thereby potentially stifling innovation and preventing original new ideas from emerging. Therefore, we propose an open dialogue between regulators and industry stakeholders by establishing global and/or regional fora as well as calling for consultations. Furthermore, we encourage regulators to engage in industry working groups, to observe and exchange views in the process of policymaking as well as in adjusting existing rules. Following this approach, we are optimistic about achieving common goals for both regulators and the DeFi industry.
Mindful of the challenges that DeFi presents to authorities and regulators, this letter aims to contribute to the educational and collaborative effort by outlining the benefits of DeFi, explaining decentralised protocols and decentralised applications (dApps), and describing the role of smart contracts. It then sets out several principles for approaching regulation of the DeFi space. The letter aims to help authorities avoid potential pitfalls by providing regulatory recommendations from the industry.
The first sentence of the Bitcoin whitepaper reads, “A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution” (link for refs). The cryptocurrency movement follows a philosophy of striving for a greater good in which individuals have the ability and authority to control their own destinies. DeFi is a logical extension of this ethos. Right now there is a deficit of trust in both the public and private sectors to conduct effective and reliable financial management for all members of society.
Within many DeFi protocols exists the antithesis of centralised players; for example, in traditional financial marketplaces, single liquidity providers called “market makers” exist whereas DeFi introduces automated market makers (AMM) or constant function market makers (CFMM) (link for ref) where anyone can participate as a liquidity provider. Finally, the absolute accessibility of DeFi – it is global, always turned on, can be accessed by anyone and will run in perpetuity – offers benefits that traditional centralised financial services cannot.
DeFi protocols allow individuals to perform a variety of financial transactions electronically on a non-custodial basis without the participation of an intermediary.
Perhaps most notably, DeFi represents one of the most promising solutions to the longstanding challenge to increase financial inclusion, a challenge that has long hindered universally shared goals such as eradicating poverty and supporting the development of emerging economies. Of course, DeFi, once it matures, will also offer security, both through advanced encryption and by not placing reliance on centralised gatekeepers that may be the subject of hacking and exploitation from increasingly sophisticated illicit actors. Among the numerous other advantages of DeFi are lower costs, increased transparency, mitigation of systemic risks including reliance on (systemically important) financial market utilities/infrastructures, increased certainty, increased market competition, and protection of privacy. These benefits have driven the meteoric adoption of DeFi services over the last year.
There is currently no legal definition of DeFi, and its interpretation can vary significantly. DeFi is generally based on dApps or protocols. It employs public blockchain networks and smart contracts to build open, transparent, composable, and non-custodial financial protocols. It is an ecosystem comprising applications built on top of public decentralised ledgers for the facilitation of permissionless financial services. The DeFi stack generally consists of 5 layers: aggregation, application, protocol, asset, and settlement. The protocol layer in particular “provides standards for specific use cases such as decentralised exchanges, debt markets, derivatives, and on-chain asset management. The standards are usually implemented as a set of smart contracts and are highly interoperable.” Ultimately, we recommend that regulators analyse decentralised protocols in great detail and conduct thorough impact assessments before deciding to intervene. A key factor for regulatory intervention is the level of decentralisation of a project, which can change and evolve over time.
DeFi is based on dApps that run on decentralised ledgers and provide non-custodial financial networks that do not involve intermediaries. This layer of the DeFi stack creates user-oriented applications that connect to individual protocols. The smart contract interaction is usually abstracted by a web browser-based front end, making the protocols easier to use. dApps provide services similar to those offered by typical consumer applications but leverage decentralised ledgers to eliminate intermediaries and grant users more control over their data.
When designing regulatory solutions, one must be mindful to regulate activity and outcome and not technology. Often, it is useful to use an analogy to highlight risks. Consider one of the most basic forms of technology, that of paper and pencils. Regulating this technology appropriately would look at the output and the use of this paper, not the paper itself. Indeed, pass a blank sheet of paper to an eight-year-old and the output will be a poem, art, or some part of the child’s brain captured. Pass a similar paper to a legal team, and you have a legal contract. The output of these is very different, and one should regulate the legal contract but not the poem. Regulating the paper risks preventing human imagination from running free. We face a similar position today with code, smart contracts, and decentralised activity. Let us not regulate the paper or the code, but regulate the actors and the activity they are looking to provide. Regulations should protect society and mitigate centralised risks. DeFi removes many risks in today’s system, and opens markets to wide democratic access. We need regulations that control the DeFi risks; we should not force regulations on DeFi that are designed to prevent centralised bad actors.
To that end, while available evidence suggests the ML/TF risks posed by DeFi are presently limited, the potential for their rapid mass adoption has rightly prompted interest in these systems from regulatory bodies around the world. Effectively addressing ML/TF risk in the disintermediated ecosystem will require a new paradigm that is not focused on the roles and responsibilities of gatekeepers but rather employs technological solutions that support law enforcement efforts to monitor the decentralised financial system and illicit activities.
Adopting this innovative approach will ensure society can enjoy the benefits of DeFi while simultaneously satisfying law enforcement’s needs. We therefore respectfully propose the following principles to guide the regulation of DeFi:
1. Regulation imposed on a business should consider broader contextual factors in relation to the corresponding business model. This should help to ensure the issuance of rules that are pragmatic and enforceable. For example, a business that processes transaction data without having access to any client funds might be subjected to data retention rules, but it should not have any obligations to freeze or otherwise interfere with client assets if it cannot technically do so.
2. Regulation should not introduce analogue or manual steps into otherwise digital processes. An exclusively digitally acting financial intermediary should be allowed to entirely rely on digital data in its business process (i.e. know-your-customer, where we have observed recent examples where exchange onboarding obligations have been created that require in-person know your customer (KYC)). The same is true for the introduction of manual verification steps into otherwise fully automated processes, which destroys the potential and opportunity of otherwise scalable business models, thereby harming economic growth.
3. Allow financial intermediaries to collaborate when identifying clients. Across regions, the law requires every financial intermediary to repeat the complete KYC process for every client, even when other financial intermediaries have identified the same client immediately before that. In a decentralised setup with many independent actors rendering part of a financial service, this can lead to a user having to complete all KYC forms multiple times just to execute a single transaction. This puts decentralised setups at a disadvantage compared to centralised service providers. In order to avoid overly redundant paperwork, financial intermediaries should be allowed to share client information for the purpose of fulfilling KYC duties and to rely on third-party identity proofs instead of having each intermediary repeat the same steps again for the same client.
4. Regulation should recognise the reduced risk of public blockchain-based transactions and therefore develop a differentiated, risk-based approach. Internationally, AML regulation is based on a “risk-based approach”. When dApps provide for publicly visible transactions, they pose a much lower money-laundering risk than private transactions. A risk-based approach should consider this variety of new applications and their specific risks and apply more differentiated measures. These new challenges cannot be solved with the established solutions. Pushing them into traditional, opaque setups will only increase the ML/TF risks. The lower risk of open blockchain-based transactions should be recognised and transparency rewarded.
5. Implementation guidelines of basic regulatory principles should be conducted in a collaborative way with the DeFi industry. First, regulators should collaborate with industry experts (including coders) to inform themselves about this rapidly developing space, from a technological and a broader perspective. This will help policymakers and authorities to understand the likely future path of DeFi developments and draw up a regulatory response strategy. Second, a multi-stakeholder approach should be taken to develop regulatory principles and guidance for DeFi. Third, given the fast pace of DeFi developments, authorities should maintain a continuous dialogue with the DeFi community to keep up to date with the latest developments and trends and in order to respond adequately and in a timely and flexible manner.
6. Given the global nature of crypto, an enhanced level of cooperation and collaboration between regulators and the industry is required. We encourage further enhancement of the level of global collaboration between regulators and agencies, as well as between regulators and the global industry, in newly founded fora to enable and deliver innovative, consumer-friendly and harmonised regulatory principles. In parallel, regulators should take a broader look at their mandate to respond to the innovation coming out of the industry space. Furthermore, closer collaboration will ensure regulators are able to fulfil their respective mandates, not only enabling innovators to innovate but also helping to improve the existing regulatory regimes. In line with the regulator’s mandate, this could lead to more efficient execution, leaner structures and better consumer protection. Overall, closer collaboration between regulators and the global industry will lead to better rules, easier application and reduced costs. In return, such gained efficiencies will result in more efficient, globally applicable regulatory principles, while increasing consumer and investor protection and economic growth, and creating jobs worldwide.