Decentralized finance (DeFi) has become a buzzword in the crypto-economy over the past few years, although what exactly is meant by the term remains somewhat ambiguous. There have been many attempts to enlist projects that would otherwise be subject to traditional financial regulation as DeFi-based, in an attempt to avoid the often burdensome requirements that come along with being a regulated entity.
Similarly, there have been highly centralized projects that adopt the DeFi nomenclature, in order to appear more cutting-edge and innovative than they may actually be. Although a single universally accepted definition of DeFi has not yet been codified, many agree on the key elements that separate DeFi projects from other types of financial activity.
The hallmarks of a truly decentralized project – instead of one that only claims to be so – are:
- Being a code based system.
- Using such code to enable users to enter into financial transactions in a self-determined manner.
- Allowing activities to be performed without relying on any centralized intermediary or third-party custodian.
Using this framework to develop the definition, it becomes clear that many of the DeFi fraudsters are simply adopting the mantle of decentralization while still placing ultimate control or power in the hands of a few project sponsors. Real DeFi projects must – in order not to fit too neatly into existing regulatory schemes available globally – not only seek input from a community of diverse users, but instead rely on and be beholden to it in order to function properly.
Potentially regulated use of the DeFi protocol
Potentially regulated activity takes many forms in the world of DeFi. DeFi protocols can:
- enable the exchange of virtual assets using platforms for the exchange of pairs without mediation (the so-called decentralized exchanges (DEX));
- facilitation of borrowing and lending activities between contracting parties;
- enable issuance of algorithmic stablecoins; or
- provide a virtual asset derivatives market.
Each represents a unique avenue through which regulatory pressure can be applied and new or existing regulatory powers applied.
Several of these have faced direct regulatory scrutiny in the US, where there is particular appetite for addressing the potential compliance challenges posed by decentralized finance. Recent proposals from US lawmakers and security industry regulators include the application of Reg ATS to DEXs.
In short, the implementation of Reg ATS would mean that DEXs would be subject to regulatory requirements similar to those of broker-dealers (which would, in effect, have to register).
Although such regulatory oversight would not be as daunting as that faced by traditional exchanges, it would still require a significant amount of increased compliance programs and costs in hiring appropriate personnel, registering as necessary, and maintaining adequate controls and systematic oversight. It can also prove very challenging from an operational perspective; if the entity is truly decentralized and has no single control point, then who is responsible for – or able to enforce – compliance requirements?
Similarly, DeFi derivatives markets have recently faced a significant increase in regulatory interest. Following the landmark action taken against Ooki DAO – an organization deemed an unregistered derivatives exchange by the US Commodity Futures Trading Commission (CFTC) – the landscape appears particularly bleak.
The complaint filed by the CFTC states that, in fact, the holders of governance tokens in the decentralized protocol are actually partners in an unincorporated association. The CFTC argued that any person engaged in the management of a token-based protocol can be held guilty of the activities of that protocol.
This could have a major chilling effect on the industry, as the potential liability of voters for management proposals could be significant. Although the CFTC was largely successful in its action against Ookie DAO, this can be attributed (at least in part) to the fact that Ooki DAO did not respond to the complaint which resulted in an injunctive judgment in favor of the CFTC.
While this is not fact-finding and may not, in many ways, have precedential impact, it does make clear that there may be some reasonable argument for holding governance token holders/voters accountable for the actions of a DeFi protocol.
Crime in DeFi
Registration and compliance issues related to consumer protection are not the only issues facing the DeFi sector. Financial crime remains a major problem in DeFi, as criminals have used the protocols as a vector for money laundering and sanctions evasion and victimized the protocols themselves through theft, fraud and exploitation.
As noted in Elliptic’s recently published Typologies Report, bad actors have attempted to use various DeFi protocols to move ill-gotten assets in an attempt to hide their source, nature and origin. For example, by exchanging stolen funds denominated in one asset for funds denominated in another via DEX, criminals believe they can obscure the relevant asset’s blockchain history and confuse investigators who may seek to identify the ongoing movement of dirty funds.
Similarly, attempts to use lending/lending protocols as a means by which dirty money – including funds obtained from sanctioned actors and known criminals – can be covertly integrated into the wider decentralized economy have become more common. In both cases, the true purpose of DeFi—to enable an intermediary financial experience with far less rent-seeking than traditional finance—has been corrupted by bad actors abusing the technology.
However, DeFi protocols are not only exploited by criminals to use the means to launder money and avoid sanctions. They themselves are the target of theft; As Elliptic reports, billions of dollars in virtual assets have been stolen from the DeFi protocol over the past year.
These thefts are the result of a variety of things including exploiting poorly designed protocol code, social engineering, and credential theft. It is imperative that compliance professionals and law enforcement agencies continue to track the path of these stolen funds so that they cannot be “converted” into fiat dollars, exchanged for new digital assets, or otherwise allowed to become materially beneficial to bad actors at hand.
By preventing the spread of stolen assets into the wider financial system and by creating significant barriers to the use of these assets in commerce, criminals are given less incentive to steal funds.
Fulfillment of obligations
While it is vital to identify the ways in which regulatory oversight can influence the direction of the DeFi sector, as well as confronting the phenomena of financial crime occurring within it, it is equally important to develop and implement systems and products that can mitigate the regulatory fallout. and the risk of financial crime. Chief among these are tools that enable the implementation of well-designed anti-money laundering (AML) and sanctions programs.
If the requirement to register as a broker-dealer under Reg ATS – or as another type of financial institution under other applicable regulations or registration – becomes a reality, the obligations of the AML program will follow. The blockchain analytics services provided by Elliptic, including investigations, wallet verification and transaction monitoring, will be instrumental in implementing an adequate program and mitigating the risk of major regulatory actions by AML-focused regulatory authorities.
Even without the newly imposed regulatory requirements, there is still an obvious need for any project that in any way touches the US financial system – including banking relationships, investors in US projects, or relationships with examined banks of US financial institutions – to mitigate the risk posed by involvement. with a sanctioned person or a person connected with a sanctioning jurisdiction.
The US Treasury’s Office of Foreign Assets Control (OFAC) has made it clear that there is no acceptable amount of assets tied to a sanctioned person that can be considered acceptable. Only by identifying exposure to penalized counterparties can industry participants mitigate the risk of civil and criminal penalties.
While there is tremendous promise in the world of DeFi, there is a clear need for greater focus on regulatory risk management. By implementing the solutions offered through Elliptic’s products, firms receiving funds from the DeFi protocol, as well as the protocols themselves, may be able to more effectively reduce their exposure to financial crime and stolen goods, while simultaneously taking advantage of the sector’s technological ingenuity.
To learn more about how to equip yourself with the insights needed to ensure successful financial crime compliance and risk management, download our Report on typologies below.
Download your copy
DeFi Law Enforcement Regulation