DeFi: Who, what and how to regulate in a borderless, code-governed world?

In order to successfully overcome regulatory challenges, both the blockchain sector and regulators need to work hand in hand.
Hold onto your hats, boys and girls! It’s a new world — a financial system without intermediaries, that anyone can access 24 hours a day with only a mobile phone and a wallet! As Julien Bouteloup said to me: 

“In DeFi, what we are building is fully decentralised technology, fully transparent, run by mathematics. No one can beat that.”

He continued: “We are building on research papers, 40 years of research, fundamental research, discrete mathematics being built and put on-chain that no one can beat. You cannot beat that. GitHub didn't exist in the ‘90s. First, the fact that we're going at the speed of light, is because everything is open source, and everyone can participate.”

A Novum Insights report stated back in August that since 2020, the DeFi market has grown by a factor of 40, with the total value locked in DeFi at around $61 billion at the time (while the current TVL stands at around $165 billion). Stablecoins' capitalization, an important part of DeFi, grew in the first half of 2021 to $112 billion.

Massive gains are being made but, at the same time, DeFi investors are also losing money because DeFi is not regulated, moderated, intermediated, hosted or validated by a central authority, only driven by smart contracts. So if a smart contract fails or is attacked, consumers have no remedy. Loretta Joseph, global digital asset regulatory expert, said to me: “Regulators protect consumers and investors. In DeFi, you don't have any intermediaries to regulate, so it's totally P2P. The question is how it will be regulated in the future. People are going to get scammed. When people start to get scammed, the first thing they do is complain to the regulator.”

Indeed, since 2019, DeFi protocols have lost about $285 million to hacks and other exploit attacks. And as the experts stated, the majority of hacks were due to developer incompetence and coding mistakes. That’s significant when the sector is entirely reliant on the code.

The challenges of regulation

The U.S. Securities and Exchange Commission’s Hester Peirce said in an interview with Forkast.News about DeFi back in February: “It’s going to be challenging to us because most of the way we regulate is through intermediaries, and when you really build something that’s decentralized, there’s no intermediary. It’s great for resilience of a system. But it’s much harder for us when we’re trying to go in and regulate to figure out how to do that.”

Regulatory concerns tend to be around the volatility of crypto markets as contrasted with government-backed fiat currency, the risk of money laundering and terrorist financing, the unregulated nature of the market, and the absence of recourse for financial losses. Nonfungible tokens are exploding, generating excitement, confusion, legal questions and massive gains. NFT markets are also attracting large crypto transactions, which will likely bother regulators, who may see the big money moves in NFTs as money laundering. At a macro level, the decentralization of the financial system and the ability to manage economic stability and protect consumer interests pose a further challenge to regulators.

DeFi decentralized autonomous organizations (DAOs) are popular as a means of transferring cryptocurrencies across different blockchains. This supports crypto lending and yield farming. DAOs, by conservative estimates, oversee more than $543 million. In a DAO, information technology governance and corporate governance are one and the same. The organization is governed and operated by smart contracts, which are monitored and enforced by algorithms. The code both governs and executes. Should the algorithms fail, who then is responsible?

In a joint article, dubbed “Regulating Blockchain, DLT and Smart Contracts: a technology regulator’s perspective,” a group of researchers outline some key points to consider: (1) the importance of identifying central points to which regulation can be applied, such as miners, core software developers and end users (they even raise the possibility of governmental or regulatory players becoming participants); (2) the issue of identifying liability, for example whether core software developers could be held to account; (3) the challenges posed by the immutability and lack of updatability of smart contracts; and (4) the need for quality assurance and technology audit processes.

It is expected that exchanges and wallet providers will be a focus for regulators. Decentralized exchanges allow users to trade directly from their wallets in a P2P manner without intermediaries. Global money-laundering watchdog the Financial Action Task Force (FATF) has exchanges in its sights. Christopher Harding, the chief compliance officer of Civic, noted that the FATF proposed guidelines which suggest that DApps will need to comply with country-specific laws enforcing FATF, AML, and Counter-Terrorism Financing requirements.

A recent review of 16 leading exchange platforms by the London School of Economics and Political Science found that just four were subject to a significant level of regulation related to trading, so there is a clear gap. Getting listed on any major exchange now requires a project to have passed auditing, but meaningful security doesn’t end there. Toby Lewis, CEO of Novum Insights, made the point:

“Also, remember that smart contracts can be attacked. Even if they are audited, it does not give you a guarantee that it will be exploit-free. Do your own research before you start.”

In an open-source environment where projects are developing at an average compound growth rate of 20% per year, finding just the right moment to regulate, wherein people are protected from risk but innovation is not constrained, is a classic problem to solve. Some governments have addressed achieving this balance by using regulatory sandboxes (U.K., Bermuda, India, South Korea, Mauritius, Australia, Papua New Guinea and Singapore), while some have gone straight to legislating (San Marino, Bermuda, Malta, Liechtenstein).

Far from resisting regulation, leading DeFi figures embrace it as part of the maturing of the industry. In an interview with Cointelegraph, Stani Kulechov, the founder of DeFi lending platform Aave, suggests that peer review will be the future: “Auditors are not here to guarantee the security of a protocol, merely they help to spot something that the team itself wasn't aware of. Eventually it's about peer review and we need to find as a community incentives to empower more security experts into the space.” In the same article, Emeliano Bonassi spoke about ReviewsDAO, a peer review forum for connecting security experts with projects looking for reviews. Bonassi sees potential for this to become a learning opportunity where people with specialized knowledge can contribute to improving the security of the ecosystem.

Tan Tran, CEO of Vemanti Group, suggested: “Going forward, I do see accelerated adoption of platforms with permissionless financial products and services that can be used by anyone anywhere, but each will be governed by a regulated-party with centralized control to ensure accountability and compliance. This is not about stopping innovation. It's more about deterring bad actors from exploiting unsophisticated consumers.” Giving an expert opinion on DeFi to Cointelegraph, Brendan Blumer, CEO of Block.one, concluded: “The real winners in the digital economy will be those that think long-term and take the time to ensure their products meet jurisdictional and professional service requirements.”

It certainly looks like exchanges and software developers could be in the sights of regulators. We anticipate regulators will look for ways to improve technology quality assurance processes and DeFi governance, which can only be done in conjunction with the industry. Mark Taylor emphasized that regulators need to continue to work in partnership with crypto industry players to protect consumers.

Julien Bouteloup explained: “We are actually building, in DeFi, everything that traditional finance has, but faster, stronger, more transparent and accessible by everyone that's here. It's really different. It means that anyone in the world can access technology and doesn't need to ask permission from anyone. I think it's necessary to push for innovation, and to build a better world.”

Who, what and how do we regulate in this global 24/7, borderless market? This is a whole new ball game. Regulators and industry will need to work hand in hand.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Jane Thomason is a thought leader on blockchain for social impact. She holds a Ph.D. from the University of Queensland. She has had multiple roles with the British Blockchain & Frontier Technologies Association, the Kerala Blockchain Academy, the Africa Blockchain Center, the UCL Centre for Blockchain Technologies, Frontiers in Blockchain, and Fintech Diversity Radar. She has written multiple books and articles on Blockchain. She has been featured in Crypto Curry Club’s Top 100 Women in Crypto, the Decade of Women Collaboratory’s Top 10 Digital Frontier Women, Lattice’s Top 100 Fintech Influencers for SDGs, and Thinkers360’s Top 50 Global Thought Leaders and Influencers on Blockchain.