The world’s regulators are watching DeFi
Decentralized finance (DeFi) is heading into regulators’ crosshairs, but they don’t seem set on taking it out – yet, anyway. Instead, a pair of reports from US and French authorities seem more focused on understanding what kind of risks DeFi might pose to both users and the wider financial world, and whether there are ways to mitigate those risks while still allowing their operation.
You’re reading State of Crypto, a CoinDesk newsletter that looks at the intersection of cryptocurrency and government. click here to sign up for future issues.
Decentralized finance (DeFi) is suddenly a big topic of concern among financial regulators, with both the US and France publishing reports analyzing the potential risks these projects could pose to their respective governments and making recommendations for how regulators and developers can mitigate those concerns.
DeFi has been a growing part of the crypto sector for some time now, but recent exchange collapses, bank failures, and lender bankruptcies are casting a wider spotlight on decentralized (or allegedly decentralized) projects. Regulators are now looking at how to oversee these devices and services.
The US risk assessment pointed to some of the major hacks and issues in DeFi in recent months, such as North Korea’s use of DeFi to launder funds and other related concerns about how DeFi projects may not meet know-your-customer/anti- money laundering rules (KYC/AML) or just being very easy to steal from.
To be clear, these reports weren’t exactly positive for crypto. For example, the US report noted that many DeFi projects are open source in the hope that the wider community can discover vulnerabilities, but this same open source can allow attackers to find an exploit.
“This vulnerability can be amplified if the smart contracts are not carefully written or if they lack a mechanism for rapid deactivation or changes if a critical exploit is identified,” the US report said. “As such, it is critical that the DeFi service identifies and addresses vulnerabilities and potential exploits in open source code.”
But the report seems fairly neutral towards DeFi itself – recommendations ranged from “strengthening existing oversight and enforcement actions” to meet legal requirements to better engagement with private sector projects.
The French report similarly suggested that the government could create a set of “minimum standards” that would define how it assessed risk and decentralization, or otherwise try to move financial transactions to specifically private blockchains. The report even suggested going so far as to create a certification for developers to meet.
The US Treasury Department also asked a number of questions for public feedback, including how it would determine whether a given DeFi project is actually a financial institution subject to Bank Secrecy Act regulations.
The US report even hinted at the proposal to provide additional guidance for projects that could provide clarity.
“The assessment finds that the non-compliance of covered DeFi services with AML/CFT obligations may be due in part to a lack of understanding of how AML/CFT regulations apply to DeFi services,” said the report, which refers to combating the financing of terrorism ( CFT). “Are there further recommendations for ways to clarify and remind DeFi services that fall under the BSA definition of a financial institution of their existing AML/CFT regulatory obligations?”
Although the reports are often quite critical of DeFi, both seem to operate from an understanding that these projects will continue to operate, and they do not call for banning this segment of the crypto sector.
It’s that time of year again folks. CoinDesk’s Consensus 2023 will be held on 26-28 April in Austin, Texas. I will moderate four sessions: one-on-one discussions with Coinbase’s Paul Grewal, NYDFS’ Adrienne Harris and CFTC’s Christy Goldsmith Romero, and a panel with House Financial Services Committee Chair Rep. Patrick McHenry and Senator Cynthia Lummis. As always, I’m interested in what you’re interested in: If you have questions for any of these speakers, email me, subject line “Consensus 2023 Questions,” and I can ask the best on stage.
If you have thoughts or questions about what I should discuss next week or any other feedback you’d like to share, feel free to email me at [email protected] or find me on Twitter @nikhileshde.
You can also join the group conversation at Telegram.