DeFi Is the Next Frontier for Fintech Regulation

Regulators need a new approach to regulate Decentralized Finance.

If the existing puzzles of new financial technology—or fintech—were not enough, regulators must now confront an even deeper challenge: blockchain-based decentralized finance, or DeFi for short.

DeFi services use cryptocurrencies and smart contracts to recreate traditional financial instruments and generate new ones. They promise a dynamic, disintermediating revolution in finance. And because they employ decentralized permissionless blockchains as their settlement layer, DeFi platforms are open to anyone with access to cryptocurrencies.

DeFi promises significant benefits, including democratized access to financial products, improved market efficiency, easier access to liquidity, enhanced financial privacy, and faster innovation. DeFi, however, also poses serious and multifaceted risks.

Many of these risks are familiar to financial regulators; some are not. Given the swift growth and evolution of DeFi, regulators cannot afford to wait for market forces to mitigate the risks. I lead a project, in partnership with the World Economic Forum, that is in the process of developing a DeFi policymaker toolkit to assist governments around the world in appropriately addressing this phenomenon.

DeFi, like fintech, is a broad term for a variety of activities. From a regulatory perspective, a proper definition of scope is important. DeFi does not encompass every use of cryptocurrency for financial purposes. The World Economic Forum’s new toolkit identifies three distinctive characteristics of DeFi:

  1. Trust-minimized operation and settlement (based on decentralized blockchain networks rather than traditional databases);
  2. Non-custodial design (in which investors do not give up control of their assets to intermediaries); and
  3. Programmable, open, and composable architecture (allowing services to be modified and combined easily through software code and interfaces).

DeFi is, in some sense, the next step beyond fintech. It does not just build financial services natively as software, but it recreates the entire ecosystem of finance on novel technical foundations. For example, decentralized exchanges, such as Uniswap, replace the market-making and custody features of exchanges with a powerful algorithm that dynamically adjusts prices and executes trades based on available liquidity. DeFi credit services, such as Compound, use dynamic applications to match lenders and borrowers. DeFi derivatives platforms, such as Synthetix, create synthetic assets that automatically track the value of commodities, stocks, indices, or any combination of financial instruments. Other DeFi platforms offer insurance, asset management, and other higher-order financial services.

And because DeFi services are programmable and composable, these examples are just the start.

Until recently, the blockchain and fintech worlds developed along parallel tracks. Even as the prices of bitcoin and other cryptocurrencies skyrocketed in recent years, the intermediaries facilitating these trades were primarily traditional trading firms and centralized exchanges, such as Coinbase, rather than DeFi platforms.

DeFi alternatives took off in 2020. That year, user wallets associated with DeFi services grew by a factor of 11.  As of early March 2021, over $40 billion of cryptocurrency were locked into DeFi collateral pools, up from less than $1 billion in 2019. One reason for the growth was the maturation of stablecoins—cryptocurrencies designed to track the value of stable assets, such as the U.S. dollar. Stablecoins addressed the market risk of investing based on volatile cryptocurrencies, such as bitcoin. A second reason was the emergence of incentive structures, such as yield farming and governance tokens, through which participants earn returns for providing liquidity to DeFi services.

From a regulatory standpoint, DeFi poses several types of risks. Blockchain networks are decentralized and global, so participation in DeFi activities does not require interaction with the regulated financial system or other national legal regimes, such as taxation and national identity systems.

Even when a corporate entity develops the software for a DeFi service, the service itself is just software code executing on a blockchain and accessible to all through the internet, making enforcement challenging. The problems of fraud, money laundering, and financing illicit activities that have long been widespread in the world of cryptocurrencies and initial coin offerings are also serious concerns for DeFi.

DeFi also poses unique regulatory challenges that will become more serious as it grows.

Although the underlying settlement layer of major blockchains—such as Ethereum—is highly secure, the smart contract code powering DeFi services may not be. There have already been many instances of attackers exploiting bugs to drain millions of dollars. Other attacks exploit the automated nature of DeFi protocols themselves. For example, oracle attacks manipulate the external price feeds flowing into DeFi trading algorithms. If an application automatically sells collateral when an index hits a certain price, an attacker can profit illegitimately if they manipulate that price. Flash loans, which create temporary liquidity as a new block is added to the blockchain, make such attacks more dangerous.

The decentralized governance of DeFi services poses significant operational challenges, such as management of cryptographic keys and game-theoretic design of token voting structures, which are not well-understood in financial risk management and compliance. In addition, DeFi is so new—and so complex due to its composable infrastructure made up of many different services—that market behavior is especially difficult to predict. The vulnerabilities and systemic risks associated with DeFi projects may differ from those in traditional finance.

To address DeFi risks, regulators must map these risks onto their matrix of public policy objectives, including investor protection, market integrity, and financial crime prevention. As with any new market, classification issues will be challenging. The panoply of existing regulatory categories arose under different statutory and administrative frameworks that were designed with centralized financial services in mind.

Regulators must adapt the current regulatory framework to DeFi services. They can learn from techniques that are proving effective for the existing cryptocurrency market. For example, specialized units, such as the U.S. Securities and Exchange Commission’s FinHub and the Commodity Futures and Trading Commission’s LabCFTC, allow regulators to gain experience in new technology, interact productively with the industry, and provide informal regulatory guidance. Disclosure requirements or safe harbors can encourage market participants to provide regulators with information that helps them better understand market dynamics and develop best practices.

Regulatory sandboxes, such as the one the United Kingdom’s Financial Conduct Authority established for fintech, create a safe space for regulators and innovative services to work through issues. In addition, regulators should clarify relatively easy cases first to provide guidance to the industry. This can give regulators space to take on the harder questions later, while ensuring market participants remain confident in the broad contours of the regulatory environment.

In 2017, regulators waited too long to speak out about what was clearly a speculative bubble around blockchain initial coin offerings. Although regulators’ desire to avoid chilling innovation was admirable, some market participants took the lack of clear statements as a decision not to regulate what were, in some cases, obviously regulated investment contracts.

The potential for fraud and excessive risk always exists in financial markets. Regulators have the opportunity early on to shape expectations by working with responsible entities, while taking aggressive enforcement action against bad actors. The window to do so is open for DeFi. It will not remain open for long.

Kevin

Kevin Werbach is a Professor of Legal Studies & Business Ethics at The Wharton School of the University of Pennsylvania.

This essay is part of an 11-part series, entitled Regulation In the Era of Fintech.