Why true DeFi is unregulatable
How in the world do we define DeFi?
When Satoshi Nakamoto published the Bitcoin whitepaper in 2008, the driving force behind the proposal was an ecosystem where the need for middlemen was non-existent, a network where two parties could transact with each other based on mutual trust backed by an incorruptible record of transactions. To this day, the identity of Satoshi remains unknown.
Fifteen years later, policymakers, regulators and participants in the global finance industry have struggled to agree on a definition of decentralised finance (DeFi). IOSCO’s latest consultation report on DeFi from September 2023 acknowledges that “…there is no generally accepted definition of DeFi, even among industry participants, or what makes a product, service, arrangement, or activity decentralized.”[1]
Intergovernmental standard-setting bodies, international organisations and regulators like the Financial Stability Board (FSB), the Bank for International Settlements (BIS), the Organisation for Economic Co-operation and Development (OECD) and the US Department of the Treasury have attempted to define DeFi with a plethora of terminology – disintermediated, open-source, permissionless, trust-minimised, transparent, accessible to anyone, self-executing code, automated peer-to-peer transactions, utilising smart contracts, leveraging distributed ledger technology (DLT).
But what makes a financial product or market truly decentralised? In XReg’s view and as evidenced by Satoshi, if you cannot identify a person (or people) to hold accountable, then and only then is it DeFi. When regulations are drafted, they consider the intermediaries, the entities and people that enable the use of a specific service, product or technology and can be held accountable. But what if no one can be held accountable? Under our existing regulatory paradigm, DeFi is unregulatable.
What do we mean by Hybrid Finance?
While many financial products and services that utilise DLT aspire to be decentralised, in practice, most are situated somewhere on a spectrum of decentralisation between DeFi and centralised finance (or the crypto and traditional financial businesses that are ultimately owned and operated by centralised intermediaries with identifiable persons in control).
This spectrum of decentralisation must consider both the elements of technology and governance in order to evaluate the decentralisation of a financial product or service accurately.
We will refer to the financial products and services on this spectrum between centralised and decentralised as Hybrid Finance[2] (HyFi).
How to regulate HyFi vs. DeFi
In the case of HyFi, there are centralised points of accountability, like front-end web interfaces, applications and entities called oracles that provide real-world data to smart contracts. In such cases, regulators can still apply the existing regulatory paradigm and impose regulation on actors at these various points of centralisation. It will be essential for policymakers to define for the industry who these actors are, their specific roles, what or who should and should not be regulated and how we regulate them. For example, a financial product or service may have implemented a decentralised system of governance, but decisions still realistically rest in the hands of “whales” or a concentrated group of people that hold a large percentage of tokens. In other cases, the blockchain or ledger on which a decentralised product or service operates may have a very small number of large miners or validators controlling the verification of transactions.
In the case of true DeFi, where no one can be held accountable, how can regulators achieve a regulatory outcome? A paper originally published by the Bank of International Settlements as early as 2019 (and revised in May 2022)[3] outlines a case for embedded supervision and acknowledges the key principle “is to rely on the trust-creating mechanism of decentralised markets for regulatory purposes too…Since the information contained in the blockchain is verified by decentralised economic consensus, it could replace current processes for data delivery and verification.” In October 2022, the European Commission published a call to study the embedded supervision of DeFi protocols.
A recent paper from the European Central Bank[4] addresses decentralised autonomous organisations (DAOs), which in some cases provide decentralised governance for DeFi projects, stating the “urgent need to build a suitable regulatory framework around this new entity enabled by new technology, which requires cooperation between technologists, regulators, supervisors and entrepreneurs.”
At which points of centralisation might regulators apply regulation to HyFi? Can regulators and DeFi participants work together to define a set of standards for embedded regulation and incentivise technologists to apply it? Can we move towards a regulatory system that relies on technology to achieve the same regulatory outcomes?
[1] IOSCO, Policy Recommendations for Decentralized Finance (DeFi), September 2023 (Source)
[2] A paper published 20 September 2023 by Eric W. Hess titled Bridging Policy and Practice: A Pragmatic Approach to Decentralized Finance, Risk, and Regulation acknowledged this approach, outlining that “the concept of hybrid finance services recognizes that DeFi protocols exist within larger supporting ecosystems that can have both decentralized and centralized components…” (Source)
[3] Bank of International Settlements Working Papers No 811, Embedded supervision: how to build regulation into decentralised finance, September 2019 (revised May 2022) (Source)
[4] European Central Bank, The future of DAOs in finance: In need of legal status, 18 October 2023 (Source)
FAQs
Our most relevant and frequent questions and answers.