Despite being a nascent (albeit rapidly growing) sector, DeFi has caught the attention of policymakers around the world and international standard setting bodies and financial jurisdictions are examining policy solutions for DeFi.
TradFi regulations are designed for centralized intermediaries like a bank or exchange, but applying them to decentralized systems is difficult. The Crypto Council proposes a modified regulation centered on: “Same Activity, Different Risk, Different Regulation but Same Regulatory Outcome.”
In emphasizing rules for specific risks, the paper puts forth three policy recommendations: Mandatory Disclosures by App-operating Businesses, Independent Certification of Public Good Protocols, and a Regulatory Safe Harbor Program for nascent protocols aiming for decentralization.
“What is decentralized finance (or DeFi)? And how can DeFi be regulated?”
Despite being a nascent (albeit rapidly growing) sector, DeFi has caught the attention of policymakers around the world. International standard setting bodies are examining policy solutions for DeFi. IOSCO recently released its DeFi policy recommendations in September for public consultation. The Financial Stability Board plans to issue policy recommendations in 2024. As part of our contribution to this important debate, CCI has produced a white paper outlining how we believe an effective policy framework could be structured.
But it’s not just the international standard setters who are thinking about this sector. Several leading financial jurisdictions are also grappling with how to deal with DeFI. For example in the US, the McHenry/Thompson market structure bill included provisions for addressing DeFi. While in the EU, the crypto assets legislation MiCA calls for a study by the European Commission, expected by the end of 2024/early 2025 which will assess the landscape, potentially suggesting legislation.
The modern financial regulatory regime is built on the assumption that there is a central intermediary controlling the financial service. Regulatory requirements are applied to the central intermediary, usually a bank, exchange, broker-dealer, or other type of financial institution.
However, there is no central intermediary that controls all the activities of a DeFi system, so it is very difficult to apply a traditional regulatory approach to truly decentralized systems.
But how can we help policymakers develop a regime that encourages responsible innovation in DeFi while protecting consumers and mitigating financial risks? This is the challenge we took on at the Crypto Council for Innovation (CCI).
“Same Activity, Different Risk, Different Regulation but Same Regulatory Outcome.”
During our research, we observed that the risks posed by DeFi can be fundamentally different from those posed by traditional finance (TradFi). For example, the lending service in DeFi may be similar to the lending service in TradFi, but the risks can be quite different in nature. The primary risk in TradFi lending is counterparty credit risk. In DeFi lending, counterparty credit risk is significantly mitigated by overcollateralization requirements, but DeFi lending has other types of risks, such as operational and AML risks which differ in nature due to underlying technologies, such as smart contracts, and protocol governance. Policymakers should carefully consider the specific types of risks posed by different DeFi services and apply appropriate rules.
This is why we have updated the longstanding regulatory principle of “same activity, same risk, same regulation” for DeFi to “Same Activity, Different Risk, Different Regulation but Same Regulatory Outcome.” You simply can’t push a square peg into a round hole. Policymakers recognize this. But that doesn’t mean there are no rules or controls – it just means the rules have to be tailored appropriately.
“Regulate Businesses, Not Public Good Protocols”
Our paper carefully examines the digital tech stack and identifies the app layer as the appropriate place to apply regulation. It is through the app layer that users access the DeFi protocol layer. Apps are operated by businesses, and regulatory obligations should fall on these app-operating businesses. Truly decentralized protocols, on the other hand, do not have a legal entity or a single, centralized point of control to whom regulation can apply. They should be considered as public good and incentivized to adopt best practices–as we discuss in our policy recommendations.
“Public Good Protocols”
We introduce the concept that DeFi protocols should act in the public’s interest as public digital infrastructure, like the internet does today. If they meet the high bar of having the five key features below, they would be exempt from financial regulatory requirements. If they do not, then they are subject to regulation.
(5) non-discriminatory access and use
Three Policy Recommendations
To help operationalize this pro-regulation framework, we propose three policy recommendations that policymakers and industry should consider and pursue:
Policy Recommendation 1. Mandatory Disclosures by App-operating Businesses: A standardized disclosure regime for app-operating businesses that includes information about the underlying DeFi protocol.
Policy Recommendation 2. Independent Certification of Public GoodProtocols: The establishment of an Independent Certification Regime Organization (ICRO), which certifies DeFi protocols that meet the ICRO’s criteria, including security code audits. The ICRO could be established by industry, government, or both. We elaborate in our paper how businesses should be incentivized to utilize certified Public Good Protocols.
Policy Recommendation 3. Regulatory Safe Harbor Program: Very few DeFI protocols are decentralized at their inception. But we believe policymakers should provide a clear pathway for those who have true decentralization as their objective. A safe harbor regime for nascent protocols that aim to progressively decentralize.