red 
When it comes to the hotly debated topic of cryptoassets and regulation, there is perhaps no more controversial topic than decentralized finance (DeFi). DeFi refers to blockchain-based technologies that enable the delivery of financial services without relying on third parties such as banks.
DeFi innovation is accelerating at an incredible rate. The DeFi market had a total value of approximately $250 billion at the end of 2021 – an annual growth rate of more than 1,700%. There have also been the launches of new financial apps that allow users to access products outside of the mainstream financial sector that are powered by crypto-assets.
This naturally led to a re-examination. Regulators are increasingly monitoring DeFi, determined to prevent it from becoming a haven for crime and regulatory arbitrage. Meanwhile, financial institutions are intent on exploring the opportunities presented by DeFi and want to manage this new wave of crypto-asset innovation, not be disrupted by it.
This has led to an increasing focus on applying anti-money laundering (AML) compliance standards to DeFi, which seems like a contradiction to some.
DeFi and the risk of financial crime
To understand why DeFi and AML may not seem like natural bedfellows, it is important to understand the characteristics of DeFi.
DeFi applications (known as dApps) work using smart contracts. These are self-executing protocols that allow parties to transact using predetermined conditions. Smart contracts allow counterparties to use crypto-assets for a wide range of applications, such as obtaining collateral-free loans, swapping crypto-assets, trading in cryptocurrency-based derivatives markets, and betting in prediction markets, without the need for a financial institution to settle transactions or custodial. property.
DeFi transactions are settled peer-to-peer, as determined by the terms of the underlying smart contract, with all transaction information recorded on the blockchain or public ledger. At no time is a financial institution required for approval or brokerage activities.
This is precisely where the promise of DeFi lies – in simplifying the provision of financial services by eliminating the cumbersome infrastructure of a financial institution and replacing it with software. Popular Dapps are experiencing rapid user growth, with some generating billions of dollars in monthly trade. Among the most popular are Aave (lending platform), Uniswap (decentralized exchange or DEX) and Polymarket (prediction market).
While DeFi provides opportunities to improve the delivery of financial services, it also presents challenges and risks.
One challenge involves how to regulate DeFi. Some of its proponents have argued that regulating DeFi using rules designed for centralized institutions is impractical. Regulation involves imposing requirements on intermediaries such as banks, leading some to suggest that regulation cannot work in an ecosystem without an intermediary operating only using open source software. Indeed, some DeFi technology innovators see the potential to bypass regulation as a positive feature of the technology.
Another, related, challenge is the emergence of criminal activity. As the popularity of DeFi has grown, illegal actors are increasingly exploiting it.
In particular, cybercriminals have identified opportunities to exploit and manipulate flaws in Dapps to steal crypto-assets from users. These hacks generate large amounts of revenue for cybercriminals. In 2021, hacks on DeFi platforms led to a loss of $10.5 billion for users, up from $1.5 billion in 2020.
In early 2022, it looks like this trend will continue. In March, hackers stole $540 million in user funds from the Ronin DeFi Bridge – a service that allows users to exchange funds between crypto assets such as Bitcoin and Ethereum. This was the second largest ever cybercriminal hack targeting a crypto asset service.
The growth of the DeFi ecosystem also offers criminals additional opportunities to launder illicit funds through Dapps. In particular, criminals are increasingly relying on DEXs – Dapps that allow users to exchange crypto-assets, but without providing know-your-customer (KYC) information.
For example, in September 2020, cybercriminals hacked a crypto asset exchange service in Singapore called KuCoin and stole more than $200 million of users’ crypto assets. The hackers then laundered millions of dollars worth of stolen cryptocurrency by exchanging the tokens on DEXs such as Uniswap. The United Nations has since attributed the attack to the Lazarus Group – a North Korean cyber crime organization.
Enter FATF
Unsurprisingly, this has led regulators to insist that DeFi be tamed and regulated.
This is led by the Financial Action Task Force (FATF), which has established international standards to combat money laundering and terrorist financing (CFT). Following consultations with the private sector, in October 2021, the FATF published updated cryptoasset guidelines clarifying how countries should regulate DeFi.
The FATF guidelines make it clear that DeFi services must comply with AML/CFT measures. He notes that while Dapps rely on software to provide financial services rather than functioning as centralized financial institutions, in most cases there will be individuals who profit from these activities, or who are able to exercise control and influence over the market activities underlying the Dapp . The FATF states that precisely these parties must be subject to AML/CFT regulations.
At the national level, some regulators have already turned their attention to DeFi. In particular, some US regulators are taking a proactive approach to overseeing DeFi.
Gary Gensler, chairman of the US Securities and Exchange Commission (SEC), has been particularly vocal, repeatedly calling on US regulators to crack down on DeFi within the regulatory sphere. To that end, the SEC issued proposed rules in January that, if adopted, would likely bring many Dapps and certain DeFi market participants that facilitate securities trading under the SEC’s jurisdiction.
Institutions are looking at DeFi
It’s not just regulators focused on bringing order to DeFi. Banks and institutional investors are also paying attention.
While it might seem strange that legacy financial services companies want to participate in DeFi, given its seemingly anti-institutional proposition, a growing number are exploring ways to profit from it. Some institutional investors see opportunities in DeFi lending, for example, and some banks are beginning to explore ways to give their customers access to DeFi services that offer reduced friction.
However, a prerequisite for institutions to enter the DeFi market is regulation. Institutional actors want to ensure that risks such as money laundering, terrorist financing and sanctions evasion are mitigated before participating. Some DeFi developers are abandoning their anti-establishment roots to accommodate this institutional interest.
As an example, DeFi lending protocol Aave has established an AML and KYC compliant platform – known as Aave Arc – to allow institutional participants to access DeFi services. The arrangement ensures that only whitelisted crypto-asset addresses can trade on the platform, an idea that sounds counter to the ethos of DeFi, but is crucial to achieving institutional inclusion.
Moreover, developers are increasingly incorporating solutions like blockchain analytics into their Dapps that can enable the identification of suspicious transactions or blacklisted wallets. These capabilities will give regulated participants looking to engage with the DeFi market the confidence that exposure to the risk of financial crime is reduced.
As the DeFi market continues its astonishing growth, all rights compliance professionals will need to make sure they understand the sector, the risks involved and the evolving regulation.
Originally published by Thomson Reuters © Thomson Reuters.
Compliance DeFi Global
