Regulation for Decentralized Finance

Approaches to Regulation for Decentralized Finance

By: James R. Holbein, of Counsel, Braumiller Law Group and Justin Holbein

What Is DeFi and Why Is It Controversial?

Decentralized Finance (DeFi) is a term describing the assortment of different financial applications enabled by blockchain technology and cryptocurrency with the aim to decentralize financial services that are currently intermediated by financial institutions. There is controversy with DeFi applications due precisely to this disruption, because many of the functions being developed on DeFi platforms disrupt centralized financial services. This brings new challenges and opportunities, as DeFi protocols can create accessible and democratic financial services that are directly controlled by users. The challenge lies in that the field is rapidly evolving and has been rife with hacking and claims of criminality, so regulating the space can be a challenge. The disruptive factor of DeFi starts in an often-overlooked area of our digital lives: ownership. 

DeFi is neither a legal nor a technical term. It is nonetheless increasingly used in the context of discussions about the future evolution of finance and its regulation. Common usage incorporates one or more elements of: (i) decentralization; (ii) distributed ledger technology and blockchain; (iii) smart contracts; (iv) disintermediation; and (v) open banking. While decentralized systems such as Bitcoin rely on distributed ledger technology (DLT) and blockchain to underpin token-based ecosystems, the combination of DLT and blockchain is not the only way to achieve decentralization. Further, many distributed ledgers (and most distributed ledgers operated by large financial intermediaries) operate today with a hierarchical, centralized governance model, limiting access to permissioned participants only. In turn, decentralized does not necessarily mean distributed. In a similar way, disintermediation is not a prerequisite for decentralization; rather, disintermediation may be one (side) effect of decentralization, given that the establishment costs of centralized infrastructure will be difficult to recoup in a world where services can be provided on a distributed or decentralized basis.

In the context of our lives, physical ownership is often taken for granted. You or I can buy our own clothes, own a house, buy a car, and then do what we like with it. I can paint my new car bright teal, install a muffler, add a big spoiler, and no one can interfere with my doing what I want with my own property, so long as I don’t hurt anyone. In the digital space, these same rights we take for granted in our physical lives just do not exist in the same form. Almost all digital ownership on the internet is mediated through the big Web 2.0 companies (Google, Apple, Facebook, Amazon), governments, or institutional banks. Our ownership rights online often take the form of long user agreements that are arcane for the general user, and allow these intermediaries to have users trade their data, online rights, financial data, etc., in order to utilize the service provided by these organization. These incentives can and do become perverse and are at the heart of so many of the societal conflicts we see today, from the de-platforming of different users from social media, to censorship involving who can use banking services, and the knowledge that these intermediaries can change the rules in their favor at any time. This fact has led to consistent failures in how we organize and own things in the digital realm, and these failures will become more pronounced over time.

Fortunately, blockchain technology offers many solutions to this problem. Blockchain networks disintermediate the person behind the computer who can change the rules in his or her benefit at the expense of the majority of users and replaces that person with cryptographic guarantees that the network will run as intended, without interference. This is a pronounced feature of the Ethereum network, which provides a robust infrastructure to run smart contracts on a blockchain. Smart contracts are akin to regular contracts, in that two or multiple parties make an agreement that is then embedded in the code of the token, and then there is an audit process that occurs to verify whether the contract has been fulfilled. Smart contracts take this a step beyond and are self-executing, and when combined with the immutable and open nature of the blockchain, provide a powerful recipe to create all kinds of new agreements without needing an intermediary who can adjust the rules in their favor and add costs and inefficiency through multiple layers of computer and human processing.

Smart contracts enable many applications within blockchain protocols. Particularly in decentralized finance (DeFi), smart contracts are enabling new types of financial interactions that are being combined in increasingly powerful ways. DeFi protocols and networks aim to open financial services to users that traditionally were held by centralized entities. These services include, but are not limited to, borrowing, lending, and trading. DeFi is not a singular product or company but comprises a variety of decentralized applications that are open source, permissionless, immutable, and composable. The composability aspect of DeFi applications is where their potential begins to shine. You can combine the smart contracts of different DeFi protocols with one another to create what users in the crypto sector call “money legos.” While at this initial stage, these combinations reflect traditional financial offerings, they have the potential create new types of financial applications for users that have not existed before.  The autonomous processing capabilities offer reduced costs, significant efficiency gains, much higher processing speeds, and enhanced transparency.

For all the potentials of DeFi applications, there are also a bevy of risks associated with them, along with concerns for investors and users alike. DeFi applications are not always as decentralized as they first appear, and savvy creators can mimic the language of protocols and still maintain centralized control over the offerings, and even act against the best interests of the users. The protocols are largely unregulated, which present major concerns about money laundering and criminal activity. DeFi applications offer high yields for users when compared to traditional offerings, and in the case of extremely high yields, there can be high risk that isn’t always apparent to the user. As the space accelerates, it will become increasingly important both for users to educate themselves on the risks and potentials, and also for the use cases to clarify.

The benefits of DeFi become apparent when considering just how many adults in the world remain unbanked: 1.7 billion according to the World Bank’s 2017 Findex report (https://globalfindex.worldbank.org/).  Without access to a robust banking system, reliable currency, a legitimate titling system for property, under-developed infrastructure, inability to easily send remittances internationally, etc., the ideas and economic contributions of these billions of people remains constrained. DeFi offers an opportunity to go beyond this state of affairs and put financial tools in the hands of anyone with a smartphone. Not only that, DeFi democratizes access to financial instruments, and unleashes creativity to combine these instruments in new ways for anyone with a smart phone.

Obviously, certain institutions may see this as a threat, but it is also an opportunity, as centralized financial institutions can take a leading role in using their expertise to facilitate access and onboarding of new users into the evolving decentralized financial system. Blockchain technology also represents a significant technological upgrade and cost reduction mechanism for institutions as well, such as enabling costly audits to be performed instantly and in real time. The biggest systemic risk lies in the lack of clarity on regulation, as these technologies are too often seen not as an opportunity, but as a destabilizing threat. The more regulators can empower the development of these technologies by regulating with common sense and intelligent frameworks, the more they can be used in a beneficial way to democratize access and usage of finance, while reducing costs and fraud, and pushing ahead how we coordinate our economic and financial lives.

Hence, in this article we understand DeFi to comprise, at its core, what its simple name suggests: the decentralized provision of financial services through a mix of infrastructure, markets, technology, methods, and applications. Decentralized provision of financial services means, in turn, provision by multiple participants, intermediaries, and end-users spread over multiple jurisdictions, with interactions facilitated, and often in fact enabled in the first place, by technology.” (footnotes omitted).  (Decentralized Finance, Zetzsche, Arner, and Buckley, Journal of Financial Regulation, 2020, 6, 172–203, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3539194).

What Is the State of Regulation of DeFi in the U.S?

Bitcoin debuted as the first crypto-currency in 2008 with the publication of a white paper (text at https://bitcoin.org/bitcoin.pdf).  Ethereum introduced smart contracts, distributed autonomous organizations, distributed applications and a new approach to crypto-currency in a 2013 white paper (text at: https://ethereum.org/en/whitepaper/).  The United States regulatory authorities for this new area of financial and organizational activity are primarily the Securities and Exchange Commission and the Commodities Futures Trading Corporation.  Regulation of DeFi could implicate a variety of statutes including, but not limited to, the Bank Secrecy Act, the Anti-Money Laundering Act, the Commodities Exchange Act, and other laws.  It is not clear what the regulatory posture will be for this type of financing because the current regulatory structures are generally based on a centralized, hierarchical approach that worked very well for decades, but is not readily adaptable to the decentralized, digital, cryptographic approach that is rapidly evolving outside of government controls.

Security and Exchange Commission (SEC)

As recently stated by the new Chairman of the SEC, Gary Gensler, “Currently, we just don’t have enough investor protection in crypto finance, issuance, trading, or lending. Frankly, at this time, it’s more like the Wild West or the old world of “buyer beware” that existed before the securities laws were enacted. This asset class is rife with fraud, scams, and abuse in certain applications. We can do better.”  (Testimony Before the United States Senate Committee on Banking, Housing, and Urban Affairs, September 14, 2021,  https://www.sec.gov/news/testimony/gensler-2021-09-14).

The SEC has taken a position that, “Digital assets may be referred to in the industry by labels such as “virtual assets,” “crypto-assets,” “digital tokens,” “digital coins,” “digital currencies,” “cryptocurrencies,” and “convertible virtual currencies.”  Financial activities involving digital assets may also be referred to as “initial coin offerings” or “ICOs.”  (Leaders of CFTC, FinCEN, and SEC Issue Joint Statement on Activities Involving Digital Assets, October 11, 2019 – hereinafter “Joint Testimony”). https://www.sec.gov/news/public-statement/cftc-fincen-secjointstatementdigitalassets).

By law, the SEC regulates securities and securities-related conduct in order to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.  The SEC views activities involving digital assets to be securities-related so that the registration or other statutory or regulatory obligations under the federal securities laws apply to persons engaged in such activities.

The SEC push is clearly to bring crypto assets and DeFi approaches within the purview of SEC governance.  Calling crypto-currency “securities” and decentralized platforms for peer-to-peer transactions “exchanges” is viable, but the regulatory bases are barely adequate.  As recently stated by the new Chair of the SEC, “ … crypto lending platforms and so-called decentralized finance (“DeFi”) platforms raise a number of challenges for investors and the SEC staff trying to protect them.” (Testimony Before the Subcommittee on Financial Services and General Government, U.S. House Appropriations Committee, May 26, 2021, https://www.sec.gov/news/testimony/gensler-2021-05-26).  The SEC has undertaken many enforcement actions in the crypto sector, more than half involving the surge of Initial Coin Offerings, (ICO) in 2017-18.  “Many of these tokens are investment contracts under the securities law. Over the years, the SEC has brought 75 cases in this area.”  (Gensler Testimony May 26, 2021).

Commodities Futures Trading Commission (CFTC)

Many in the crypto space seek to have the lighter regulatory touch of the CFTC applied to crypto-currency and DeFi organizations or methods. “The mission of the CFTC is to promote the integrity, resilience, and vibrancy of the U.S. derivatives markets through sound regulation. In advancing that mission, the CFTC regulates key participants in the derivatives markets, including boards of trade, futures commission merchants, introducing brokers, swaps dealers, major swap participants, retail foreign exchange dealers, commodity pool operators, and commodity trading advisors pursuant to the Commodity Exchange Act (CEA).”  (Joint Statement).

“The CFTC’s jurisdiction over digital assets deemed commodities is not as far reaching as the SEC’s jurisdiction over securities. For example, the CFTC has exercised anti-fraud and anti-manipulation authority over virtual currencies that are traded as a commodity in interstate commerce or that are traded for future delivery, rather than immediate delivery. It also has more limited regulatory oversight over virtual currency spot markets that use margin, leverage, or financing.”  (Decentralized Finance—Risks, Regulation, and the Road Ahead, September 1, 2021, Daily, Hanson, Kirkpatrick, and Spiegler, https://www.jdsupra.com/legalnews/decentralized-finance-risks-regulation-9351911).

Classifying DeFi methods as commodities trading may well be a stretch given the peer-to-peer nature of the basic financial activities of lending and payment facilitation that underpins much of the sector.  The creative approach being taken to decentralizing financial activities is likely to require a new look at the traditional regulatory model across the board.

Financial Crimes Enforcement Network (FinCEN)

It is important to note that the mission of the Treasury Department’s FinCEN unit is to deal with financial institutions.  DeFi is the antithesis of that model of centralized institutions that hold and control money.  It is hard to reconcile that FinCEN has a role to regulate decentralized peer-to-peer financial activity that relies upon no central authorities to mediate the activities of the participants.  Yet FinCEN has issued regulations that seem to bring the activities of DeFi within its regulatory purview.  “FinCEN’s BSA regulations define a “money transmitter” as a person engaged in the business of providing money transmission services or any other person engaged as a business in the transfer of funds.  The term “money transmission services” means “the acceptance of currency, funds or other value that substitutes for currency from one person and the transmission of currency, funds or other value that substitutes for currency to another location or person by any means. In May 2019, FinCEN issued interpretive guidance (2019 CVC Guidance) to remind persons subject to the BSA how FinCEN regulations relating to MSBs apply to certain business models involving money transmission denominated in value that substitutes for currency, specifically, convertible virtual currencies.” (Joint Statement).

“As a bureau of the Department of the Treasury, FinCEN is the administrator of and lead regulator under the BSA — the nation’s first and most comprehensive AML/Combatting the Financing of Terrorism (CFT) statute. FinCEN’s mission is to protect our financial system from illicit use, ensure our national security, and protect our people from harm.  FinCEN has supervisory and enforcement authority over U.S. financial institutions to ensure the effectiveness of the AML/CFT regime.  As such FinCEN mandates certain controls, reporting, and recordkeeping obligations for U.S. financial institutions.  The BSA and its implementing regulations set forth the regulatory obligations that generally apply to financial institutions, including AML Program, recordkeeping, and reporting requirements.”  (Joint Statement).

The overwhelming concerns that crypto is being used to facilitate terrorism and money laundering, due at least in part to the anonymous nature of the players, is driving much of this regulatory inclusion.  Coupled with the chaotic evolution of this sector, it is inevitable that FinCen will monitor and investigate much of the activity.  The ability to track cypto “wallets” that are identified on the various blockchains may be a key feature of crypto regulation that could enable some identification of wallet owners for large transactions while maintaining anonymity for the majority of users involved in smaller transactions.

Office of the Comptroller of the Currency (OCC) and the Bank Secrecy Act (BSA)

“The Bank Secrecy Act (BSA), 31 USC 5311 et. seq., establishes program, recordkeeping and reporting requirements for national banks, federal savings associations, federal branches, and agencies of foreign banks. The OCC’s implementing regulations are found at 12 CFR 21.11 and 12 CFR 21.21. The BSA was amended to incorporate the provisions of the USA PATRIOT Act which requires every bank to adopt a customer identification program as part of its BSA compliance program.”  FinCEN website at https://www.occ.treas.gov/topics/supervision-and-examination/bsa/index-bsa.html.

One of the biggest risks posed by crypto assets generally and DeFi approaches specifically is that transactions are both transparent on the blockchain, but anonymous as to the participants.  This poses a risk of potential criminal activity, including money laundering, that the BSA is designed to address.  For that reason, the BSA and anti-money laundering (AML) and “know your customer” (KYC) regulations are being applied to the crypto sector.  Some crypto users remain reluctant or outright opposed to revealing their identities and complying with these regulations.  It is highly unlikely that the promise of DeFi and the crypto technologies will be fully realized without some way to identify players for enforcement authorities to prevent crime and terrorism.  That protective regulation is important for all players but is anathema to many crypto proselytizers.

The regulatory authorities have drawn have already identified the key characteristics of programs that will be acceptable.  “An AML Program must include, at a minimum, (a) policies, procedures, and internal controls reasonably designed to achieve compliance with the provisions of the BSA and its implementing regulations; (b) independent testing for compliance; (c) designation of an individual or individuals responsible for implementing and monitoring the operations and internal controls; and (d) ongoing training for appropriate persons.  Rules for some financial institutions refer to additional elements of an AML Program, such as appropriate risk-based procedures for conducting ongoing customer due diligence.”  (Joint Statement).  At a minimum, smart contracts will probably have to bake into the code some aspects of this list in order to become more widely acceptable and useful to businesses and individuals seeking to employ these new technologies seamlessly.

As noted by the Joint Statement, many of the aspects of AML programs, based upon centralization of financial services within an identifiable, well-regulated entity, are not really compatible with the decentralized nature of DeFi.  “The label or terminology used to describe a digital asset or a person engaging in or providing financial activities or services involving a digital asset, however, may not necessarily align with how that asset, activity or service is defined under the BSA, or under the laws and rules administered by the CFTC and the SEC. For example, something referred to as an “exchange” in a market for digital assets may or may not also qualify as an “exchange” as that term is used under the federal securities laws. As such, regardless of the label or terminology that market participants may use, or the level or type of technology employed, it is the facts and circumstances underlying an asset, activity or service, including its economic reality and use (whether intended or organically developed or repurposed),that determines the general categorization of an asset, the specific regulatory treatment of the activity involving the asset, and whether the persons involved are “financial institutions” for purposes of the BSA.”  (Joint Statement).  So, the evolution of the technology and the application of the current centralized model both depend on revisioning how assets are owned, held, exchanged, tracked, and used.  This process has been unfolding slowly over the last decade, but the technology will not be held back forever, nor will the authorities fail to reach a regulatory approach that can unleash the power of DeFi for the long term.

Conclusions

The rapidly changing landscape in the crypto and DeFi sector is hindering legislative efforts to legally clarify the status of this form of financial assets and the active trading and use of such assets.  The SEC views itself as the protector of a burgeoning class of investors and therefore is actively seeking to adapt existing regulations to this new environment.  As the sector adapts to the regulatory push, there is an ongoing evolution in approaches to tokenization of crypto, new organizations, and alternative methods to keep the sector decentralized, yet ensure that those benefiting from innovation in the sector can continue to evolve the tools responsibly.

DeFi has an important role to play to democratize access to financing, provide readily accessible means to prove ownership of assets, and enable the majority of people to freely participate in the financial system.  The importance of enfranchising major parts of the global population through access to financial services is clear when 12% of people own 85% of the wealth in the world, and a bare majority of the remaining 88% of people that own the remaining 15% have no access to banking or other financial services, (This Simple Chart Reveals the Distribution Of Global Wealth, by Anshool Deshmukh, September 20, 2021, The Visual Capitalist, https://www.visualcapitalist.com/distribution-of-global-wealth-chart/).  It is important for the regulators to protect investors and consumers, but it is also important to enfranchise small business, the poor, and anyone who simply cannot comply with existing centralized system requirements.  Striking a balance between these competing values will be the real challenge to realizing the promise of DeFi and the crypto sector.

Authors

James R. Holbein is Counsel to the Braumiller Law Group PLLC. He practices in the area of international trade and customs law and has written several articles exploring the potential for new digital technologies to reshape supply chains and improve access to financial services.

Justin Holbein has been active in the blockchain space in many capacities since 2014.  He is certified in data analytics and Python programming and is an active participant in several Ethereum-based decentralized autonomous organizations (DAOs).  He contributes analysis and uses smart contracts to develop solutions to coordination problems in the DeFi and DAO space.

Sources