Ref. Ares(2022)5104167 - 13/07/2022
Regulatory Principles for Decentralised Finance (DeFi)
The cryptocurrency ecosystem in general and the Decentralised Finance (DeFi) space in particular have seen extraordinary growth over the last year. These developments have triggered increasing regulatory activity and scrutiny. It is crucial that the rapid growth of DeFi is well understood by authorities so that they can adequately align their regulatory approaches to this space.
Overall, DeFi is still in an early phase of innovation and experimentation. The main risk from the regulatory side is premature regulation, which could stifle innovation and prevent original new ideas from emerging. Therefore, we propose an open dialogue between regulators and industry stakeholders by establishing global and/or regional fora as well as calling for consultations. Furthermore, we encourage regulators to engage in industry working groups, to observe and exchange views in the process of policymaking as well as in adjusting existing rules. Following this approach, we are optimistic about achieving common goals for both regulators and the DeFi industry.
Mindful of the challenges that DeFi presents to authorities and regulators, this letter aims to contribute to the educational and collaborative effort by outlining the benefits of DeFi, explaining decentralised protocols and decentralised applications (DApps), and describing the role of smart contracts. It then sets out several principles for approaching regulation of the DeFi space. The letter aims to help authorities avoid potential pitfalls by providing regulatory recommendations from the industry.
The first sentence of the Bitcoin whitepaper reads, “A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution” (link for refs). The cryptocurrency movement follows a philosophy of striving for a greater good in which individuals have the ability and authority to control their own destinies. DeFi is a logical extension of this ethos. Right now there is a deficit of trust in both the public and private sectors to conduct effective and reliable financial management for all members of society.
Within many DeFi protocols exists the antithesis of centralised players; for example, in traditional financial marketplaces, single liquidity providers called “market makers” exist, whereas DeFi introduces automated market makers (AMM) or constant function market makers (CFMM) (link for ref) where anyone can participate as a liquidity provider. Finally, the absolute accessibility of DeFi - it is global, always turned on, can be accessed by anyone and will run in perpetuity - offers benefits that traditional centralised financial services cannot.
DeFi protocols allow individuals to perform a variety of financial transactions electronically on a non-custodial basis without the participation of an intermediary. Perhaps most notably, DeFi represents one of the most promising solutions to the longstanding challenge of increasing financial inclusion, a challenge that has long hindered universally shared goals such as eradicating poverty and supporting the development of emerging economies. Of course, DeFi, once it matures, will also offer security, both through advanced encryption and by not placing reliance on centralised gatekeepers that may be the subject of hacking and exploitation from increasingly sophisticated illicit actors. Among the numerous other advantages of DeFi are lower costs, increased transparency, mitigation of systemic risks including reliance on (systemically important) financial market utilities/infrastructures, increased certainty, increased market competition, and protection of privacy. These benefits have driven the meteoric adoption of DeFi services over the last year.
There is currently no legal definition of DeFi, and its interpretation can vary significantly. DeFi is generally based on dApps or protocols. It employs public blockchain networks and smart contracts to build open, transparent, composable, and non-custodial financial protocols. It is an ecosystem comprising applications built on top of public decentralised ledgers for the facilitation of permissionless financial services. The DeFi stack generally consists of 5 layers: aggregation, application, protocol, asset, and settlement. The protocol layer in particular “provides standards for specific use cases such as decentralised exchanges, debt markets, derivatives, and on-chain asset management. The standards are usually implemented as a set of smart contracts and are highly interoperable.” Ultimately, we recommend that regulators analyse decentralised protocols in great detail and conduct thorough impact assessments before deciding to intervene. A key factor for regulatory intervention is the level of decentralisation of a project, which can change and evolve over time.
DeFi is based on dApps that run on decentralised ledgers and provide non-custodial financial networks that do not involve intermediaries. This layer of the DeFi stack creates user-oriented applications that connect to individual protocols. The smart contract interaction is usually abstracted by a web browser-based front end, making the protocols easier to use. dApps provide services similar to those offered by typical consumer applications but leverage decentralised ledgers to eliminate intermediaries and grant users more control over their data.
When designing regulatory solutions, one must be mindful to regulate activity and outcome and not technology. Often, it is useful to use an analogy to highlight risks. Consider one of the most basic forms of technology, that of paper and pencils. Regulating this technology appropriately would look at the output and the use of this paper, not the paper itself. Indeed, pass a blank sheet of paper to an eight-year-old and the output will be a poem, art, or some part of the child's brain captured. Pass a similar paper to a legal team, and you have a legal contract. The outputs are very different, and one should regulate the legal contract but not the poem. Regulating the paper risks preventing human imagination from running free. We face a similar position today with code, smart contracts, and decentralised activity. Let us not regulate the paper or the code, but regulate the actors and the activity they are looking to provide. Regulations should protect society and mitigate centralised risks. DeFi removes many risks in today's system, and opens markets to wide democratic access. We need regulations that control the DeFi risks; we should not force regulations on DeFi that are designed to prevent centralised bad actors.
To that end, while available evidence suggests the ML/TF risks posed by DeFi are presently limited, the potential for their rapid mass adoption has rightly prompted interest in these systems from regulatory bodies around the world. Effectively addressing ML/TF risk in the disintermediated ecosystem will require a new paradigm that is not focused on the roles and responsibilities of gatekeepers but rather employs technological solutions that support law enforcement efforts to monitor the decentralised financial system and illicit activities. Adopting this innovative approach will ensure society can enjoy the benefits of DeFi while simultaneously satisfying law enforcement's needs. We therefore respectfully propose the following principles to guide the regulation of DeFi:
1. Regulation imposed on a business should consider broader contextual factors in relation to the corresponding business model. This should help to ensure the issuance of rules that are pragmatic and enforceable. For example, a business that processes transaction data without having access to any client funds might be subjected to data retention rules, but it should not have any obligations to freeze or otherwise interfere with client assets if it cannot technically do so.
2. Regulation should not introduce analogue or manual steps into otherwise digital processes. An exclusively digitally acting financial intermediary should be allowed to rely entirely on digital data in its business process (e.g. know-your-customer (KYC), where we have observed recent examples of exchange onboarding obligations that require in-person KYC). The same is true for the introduction of manual verification steps into otherwise fully automated processes, which destroys the potential and opportunity of otherwise scalable business models, thereby harming economic growth.
3. Allow financial intermediaries to collaborate when identifying clients. Across regions, the law requires every financial intermediary to repeat the complete KYC process for every client, even when other financial intermediaries have identified the same client immediately before that. In a decentralised setup with many independent actors rendering part of a financial service, this can lead to a user having to complete all KYC forms multiple times just to execute a single transaction. This puts decentralised setups at a disadvantage compared to centralised service providers. In order to avoid overly redundant paperwork, financial intermediaries should be allowed to share client information for the purpose of fulfilling KYC duties and to rely on third-party identity proofs instead of having each intermediary repeat the same steps again for the same client.
4. Regulation should recognise the reduced risk of public blockchain-based transactions and therefore develop a differentiated, risk-based approach. Internationally, AML regulation is based on a “risk-based approach”. When dApps provide for publicly visible transactions, they pose a much lower money-laundering risk than private transactions. A risk-based approach should consider this variety of new applications and their specific risks and apply more differentiated measures. These new challenges cannot be solved with the established solutions. Pushing them into traditional, opaque setups will only increase the ML/TF risks. The lower risk of open blockchain-based transactions should be recognised and transparency rewarded.
5. Implementation guidelines of basic regulatory principles should be conducted in a collaborative way with the DeFi industry. First, regulators should collaborate with industry experts (including coders) to inform themselves about this rapidly developing space, from a technological and a broader perspective. This will help policymakers and authorities to understand the likely future path of DeFi developments and draw up a regulatory response strategy. Second, a multi-stakeholder approach should be taken to develop regulatory principles and guidance for DeFi. Third, given the fast pace of DeFi developments, authorities should maintain a continuous dialogue with the DeFi community to keep up to date with the latest developments and trends and in order to respond adequately, flexibly and in a timely manner.
6. Given the global nature of crypto, an enhanced level of cooperation and collaboration between regulators and the industry is required. We encourage further enhancing the level of global collaboration between regulators and agencies, as well as between regulators and the global industry, in newly founded fora to enable and deliver innovative, consumer-friendly and harmonised regulatory principles. In parallel, regulators should take a broader look at their mandate to respond to the innovation coming out of the industry space. Furthermore, closer collaboration will also ensure regulators are able to fulfil their respective mandates, while not only enabling innovators to innovate but also helping to improve the existing regulatory regimes. In line with the regulator's mandate, this could lead to more efficient execution, leaner structures and better consumer protection. Overall, closer collaboration between regulators and the global industry will lead to better rules, easier application and reduced costs. In return, such gained efficiencies will result in more efficient, globally applicable regulatory principles, while increasing consumer and investor protection and economic growth, and creating jobs worldwide.
***