DeFi, Disintermediation, and the Regulatory Path Ahead

As decentralized finance projects eliminate the need for financial intermediaries, regulators may need to fundamentally rethink their approach.

Decentralized finance, also known as DeFi, is a quickly rising phenomenon, with more than $60 billion in value locked in DeFi projects as of April 2021. DeFi builds on the initial waves of cryptocurrency projects that followed the release of Bitcoin in 2008 and the launch of Ethereum in 2014, which decentralized the computing work needed to operate blockchain networks and attracted early adopters and investors to these networks. DeFi projects go further by seeking to eliminate the need for intermediaries in financial transactions—replacing exchanges, market-makers, asset managers, banks, and other lenders with software protocols.

Although DeFi may hold great promise, it also raises novel policy and regulatory considerations. U.S. financial regulation assumes the presence of intermediaries, and it applies regulation to intermediaries as a way to regulate financial markets and related activities comprehensively. As a result, regulators and policymakers may find that DeFi brings them into uncharted and inhospitable territory.

In what follows, we first describe the current DeFi landscape and some of the high-level implications of DeFi for existing financial regulatory approaches.  We then discuss the key policy and regulatory considerations raised by DeFi.

DeFi today comprises a variety of independent projects with the same shared goal––improving availability of and efficiency in financial services through disintermediation. These projects seek to replace the role of banks, brokers, and other financial services intermediaries with open source software, blockchain technology, and the use of incentives and market design. Depending on the project, the code and market design may enable users to engage anonymously in different types of transactions.

For example, DeFi platforms:

  • match buyers and sellers of digital assets or let them “swap” one cryptocurrency for another (exchange trading);
  • allow holders of cryptocurrencies to lend anonymously to people who want to borrow, generating interest returns for lenders (credit intermediation);
  • invest user funds in cryptocurrencies to maximize portfolio returns (asset management); and
  • establish markets for synthetic instruments, in which users can establish derivative positions in cryptocurrencies while posting collateral to support those positions (derivatives trading).

The archetypical DeFi project involves a development and finance team that has written open source software and has released it into the wild. The software typically runs on an existing blockchain, most commonly the Ethereum blockchain. Users interact with the software through unhosted wallets—which are digital wallets that are managed by users themselves rather than by a service provider. Users find instructions and market information on websites run by the project development team or by third parties that track the relevant DeFi activity.

Some DeFi protocols allocate “governance tokens” to reward users for engaging with the system and for conducting or supporting different types of transactions. These governance tokens generally give users a right to returns from the project—often in ways that resemble equity in the project—and allow users to vote on changes proposed to the protocols. Because of these associated rights, governance tokens have value and are tradeable.

Two interesting examples of DeFi applications are Compound and Uniswap/SushiSwap. The Compound protocol allows users to borrow cryptocurrencies and post specified “supported assets” as collateral. The protocol mathematically determines how much a user can borrow and the interest rate the borrower must pay, based upon the particular cryptocurrencies the user wants to borrow and to post as collateral. The protocol also sets conditions for the borrower to post additional collateral and a mechanism for repaying the loan. Borrowers can use the borrowed cryptocurrencies as they choose, including to lend through Compound or lend or exchange through other DeFi applications. The Compound protocol distributes the governance token––called COMP––to users of the protocol. As of this writing, the Compound protocol had more than $16 billion of value locked under its protocol.

Uniswap and SushiSwap are variations on exchange protocols, referred to as “decentralized exchanges” or “dexes.” These protocols facilitate the direct, anonymous exchange of one cryptocurrency for another. Users pool together specific cryptocurrencies into a liquidity pool in exchange for a token they can trade for other cryptocurrencies. For example, one of the leading token-pairs on Uniswap as of this writing was WBTC (bitcoin transferable on the Ethereum blockchain) against Ether, the native token of the Ethereum blockchain.  The protocol determines the token-pair exchange rate based upon the relative amount of each token in the token-pair liquidity pool. Users that swap tokens pay transaction fees; a portion of these fees is paid to other users who contributed tokens to a liquidity pool. To illustrate, users pay SushiSwap’s governance tokens—called SUSHI—to other users who provided cryptocurrency liquidity to pools. SUSHI permits token holders to participate in the governance of the platform, including voting on changes to the SushiSwap protocol. As of this writing, there were approximately $6 billion in cryptocurrencies locked on the Uniswap platform and another $4 billion locked into SushiSwap.

Decentralization has long been a mantra for cryptocurrency projects. Many projects sought decentralization by encouraging wide distribution of the computing efforts or other work needed—such as “staking” of coins—to process transactions on a blockchain. But these projects often involved development teams issuing tokens through Initial Coin Offerings (ICOs) in exchange for money at the outset of the project. Issuers of ICO tokens typically retained governance or control over the project, and often used proceeds from the sale of the tokens to develop the project.

Few cryptocurrency projects sought or achieved decentralization through disintermediation. Many projects struggled to distribute governance or economic control over their networks. Even Bitcoin, which has a reasonably distributed infrastructure, economies of scale led to the emergence of a relatively concentrated market structure led by a small number of familiar types of intermediaries.  We now see issuers, exchanges, custodians, wallet providers, asset managers, and investment funds—similar to those in traditional financial services—provide services to people who wish to buy, HODL, and sell cryptocurrencies.

DeFi is different. To start, DeFi governance tokens are not issued by a team or startup at the beginning of a project. Instead, participants typically earn tokens by interacting with and providing services to a protocol, for example by providing liquidity in a decentralized exchange or collateral on a lending platform. This structure gives a wide range of holders the ability to contribute to a project’s governance and evolution by voting on proposals to change the protocol and, therefore, its incentives and operations.

But the more fundamental innovation of DeFi is that it may eliminate intermediaries in financial transactions altogether by using software and market design to match orders automatically, determine and charge interest rates, and maximize investment returns. This automation may increase the speed of financial transactions, decrease costs, and—given enough time—broaden the availability of these services. It may also lead to new types of services. If a community of users is displeased with the service provided by a protocol, that community can vote to change the services supported by it or can fork the existing open source code base and develop a new protocol to meet the community’s needs better. Moving between protocols is also relatively frictionless because users directly control their assets.

On the other hand, DeFi users do not receive the benefits of transacting with regulated intermediaries. There is no help desk or relationship manager to contact if a transaction goes wrong. Users do not receive risk disclosures. And the protocols are not subject to risk management requirements, such as capital and liquidity requirements, that protect against loss of consumer funds and systemic risks.

DeFi has scaled during a time of general economic expansion and a generally steady rise in cryptocurrency prices. The consistent increase in value of collateral held in DeFi protocols means that neither individual protocols nor the system overall has experienced stressed conditions yet. It is not clear what will happen to interconnected protocols when one or more of them experience serious, market-wide price dislocation or large scale technical outages. DeFi protocols may prove resilient to stressed market conditions, but this proposition has not been tested.

These risks bring us to consider how DeFi projects are currently regulated and key considerations for the regulatory path ahead. DeFi projects may not trigger regulation under the U.S. financial laws that currently apply to cryptocurrency projects. In large part, this is because U.S. financial regulation hinges on the presence and regulation of intermediaries.

For example, DeFi transactions conducted between individual users through unhosted wallets would not be subject to Bank Secrecy Act (BSA) requirements, including Know-Your-Customer and anti-money laundering reviews. Under Financial Crimes Enforcement Network (FinCEN) guidance, the applicability of the BSA and related FinCEN regulations hinges on the participation of intermediaries providing hosted wallet, exchange, or other specified services. Moreover, because DeFi protocols support anonymized transactions, there is currently no meaningful way for market participants that are subject to the BSA to determine what requirements apply to their DeFi transactions. Similar questions arise about the application of sanctions obligations to DeFi activities.

In addition, governance tokens issued by DeFi projects—unlike many ICO tokens—may not constitute “investment contracts” under U.S. federal securities laws. Where a development team relinquishes control over a DeFi protocol, users earn the project’s governance tokens over time by participating in the project’s development, and the project never issued tokens to investors to raise funds, the existence of the Howey factors requiring a common enterprise and an expectation of profits derived from the efforts of others are less apparent. The absence of intermediaries and a wide dispersal of governance tokens in DeFi may further weigh against governance tokens being subject to regulation under U.S. federal securities laws.

And even if digital assets that are securities are used in or traded through DeFi protocols, it is not clear whether or how the U.S. Securities and Exchange Commission (SEC) would regulate DeFi projects or their users under existing U.S. federal securities laws.

U.S. federal law defines a securities exchange as “any organization, association, or group of persons, whether incorporated or unincorporated, which constitutes, maintains, or provides a market place or facilities for bringing together purchasers and sellers of securities.” Once the development team launches a decentralized exchange protocol and relinquishes control, the project no longer involves an organized group of people maintaining a trading facility. Instead, it is operated automatically by the protocol and all users who hold governance tokens.

It is similarly unclear how the SEC would regulate as an investment adviser a DeFi application that allocates users’ assets according to the protocol’s formula. U.S. federal law defines an investment adviser to include any person or firm that provides advice to others about securities for compensation. When users provide their own digital assets to a DeFi protocol to be traded or invested by that protocol, the users are merely relying upon the open source software and their own ability to review the code. In most cases, governance token holders—who are also users of the protocol—could control changes to the protocol and thus the investment strategy. These token holders, however, would be doing so based on their own views about how the protocol should work, not the investment needs or guidelines of  the necessary “others.” As a result, neither the protocol nor governance token holders seem to fit the definition of an investment adviser.

Although DeFi projects do not fit well within the existing U.S. financial regulatory paradigm, it does not follow that policymakers or regulators should not, or cannot, regulate the activity. As DeFi projects scale, it has become increasingly apparent that they may present the same types of risks that U.S. financial regulation is designed to address. These Include financial crime, consumer protection, and financial stability risks.

Existing antifraud laws, such as those under federal securities and commodities laws, could address fraud and manipulation in DeFi markets. But these authorities are narrow in scope. They do not provide a means for regulators to ensure effective financial crimes monitoring or consumer and financial stability protections in these markets.

Regulators may need to step away from the already trodden path and consider if they need additional authority to regulate these activities and protect consumers effectively. DeFi project developers and market participants must also consider the broader policy and regulatory perspective as they move forward with their work. They should anticipate that regulators will take a novel approach and not evaluate DeFi projects only under the rubrics used for the last wave of cryptocurrency projects. DeFi market participants should also prepare for the potential risk of retroactive regulation.

As policymakers and regulators develop regulations to oversee DeFi markets, they must balance the need to support financial services innovation with the need to protect consumers, fight crime, and preserve financial stability. Doing so may not be as straightforward as it was for the initial wave of cryptocurrency activities. Regulators may require more policy and legal innovation to address DeFi’s trend toward disintermediation and to support a more open, interoperable, and competitive financial infrastructure.

Jai Massari

Jai Massari is a partner in the Financial Institutions Group of Davis Polk & Wardwell LLP.

Christian Catalini

Christian Catalini is the Chief Economist of the Diem Association and a Co-Creator of Diem (formerly Libra). He is currently on leave from his role as Associate Professor at the Massachusetts Institute of Technology.

The authors are thankful to Alonso de Gortari for ideas, feedback, and insights into the DeFi landscape and economic applications and to Joseph Hall for his thoughtful comments.

This essay is part of an 11-part series, entitled Regulation in the Era of Fintech.