Decentralised finance (DeFi) has seen remarkable growth over the last eighteen months and has quickly established itself as one of the first true “killer apps” for smart contract networks like Ethereum, Cardano, Polkadot, and Solana. DeFi allows parties to create precisely tailored and highly complex economic arrangements that execute automatically without the need to rely on a central intermediary or other trusted party. Even in its current early stages, DeFi raises the promise of a more decentralised and resilient financial system capable of embracing both established players and nascent market entrants.
The value of assets deployed in DeFi, barely $1 billion in June 2020, grew to over $80 billion at the end of August 2021. DeFi takes many forms, including secured lending, asset trading, and a wide variety of derivative transactions, all occurring almost instantaneously, and all recorded on the ledger of a public blockchain network. Not surprisingly, most, if not all, of the activity in DeFi to date has concentrated on the use of natively digital assets, represented by a plethora of blockchain-based tokens and “stablecoins” – digital assets pegged with various degrees of reliability to a fiat currency (almost always the US dollar); however, proponents are increasingly looking at incorporating real world assets, such as real estate, intellectual property rights, traditional equity, and other fiat currencies, thus dramatically expanding DeFi’s importance.
The absence of traditional intermediaries also means that anyone with the know-how and a wallet full of digital assets can directly access DeFi protocols without undergoing any prior know-your-customer (KYC) or anti-money laundering (AML) checks, or sanctions compliance. While this open access approach supports a vastly more inclusive type of financial innovation, it has raised concerns among policymakers that it could at some point give rise to an alternative financial system, one that allows illicit actors and those who run afoul of governments in developed nations to transact without the scrutiny and oversight provided by the current system of regulated financial intermediaries.
The Financial Action Task Force (FATF) Draft Guidance, issued in March of this year, suggested that parties directing the creation, development and/or deployment of DeFi protocol software — but who do not act as intermediaries controlling customer funds — should nevertheless be considered “virtual asset service providers” (VASPs), and should be held responsible for complying with relevant AML/KYC obligations. If this approach were widely adopted, DeFi protocol developers would be treated like banks, money transmitters, and other financial institutions that do control customer funds. Even though there is much more room for automation in the KYC/AML process, enforcing these obligations invariably comes down to numerous human judgment calls, something which banks, with their large compliance departments, have learned to manage. Attempting to impose such an across-the-board KYC/AML requirement at the DeFi protocol layer, or on entities with no control over customer funds and no practical means to comply, simply would not work and would swiftly drive this activity into a gray market with even less visibility for regulators than they have today.
We believe that a vibrant and diverse DeFi ecosystem is essential to the promise of “Web 3.0” – a more decentralised and democratised internet and the foundation of a more open and inclusive society. At the same time, we also acknowledge that the concerns raised by FATF in the Draft Guidance need to be taken seriously. Whether these concerns can be addressed without stifling the remarkable level of innovation occurring in the DeFi space is far from certain, though.
A potential solution begins by looking at decentralised exchanges (DEXes), those protocols (that is, software-based platforms running on blockchain-based networks) that utilise various permutations of automated market making (AMM) by freely participating third-party liquidity providers in order to facilitate efficient and trustless exchanges of digital assets by users. DEXes effectively underlie all other DeFi activity. Recently, the company that developed Uniswap, one of the world’s most popular DEXes, announced that it would remove certain tokens from its company-controlled web-based user interface (UI) to the protocol. (These tokens may still be accessed and traded using the Uniswap protocol through third-party UIs or by directly accessing the protocol software.)
The Uniswap announcement generated intense introspection in the DeFi community about the nuanced relationship between the traditional corporate entities that control popular DEX and other DeFi UIs and the underlying permissionless protocol software itself. But the debate the announcement engendered also points toward a way forward.
Incentivise permissioned Automated Finance
Rather than attempting to impose regulatory obligations on either the protocol software (impossible) or on all UI providers (impractical, as alternative UIs can be created cheaply and anonymously), we believe that the focus of regulators should instead turn toward finding ways, both formal, through rule-making, and informal, through the regular flow of supervisory dialogue, of incentivising the development and operation of permissioned access points (UIs) to the many protocols developed for use in DeFi. These alternative platforms, which might more properly be known as Automated Finance, rather than Decentralised Finance, could be operated by both traditional financial services businesses and new market entrants. They would provide the benefits of access to the same innovative DeFi protocol software on the same public blockchain networks, but would have UIs operated by identifiable entities willing to take on some or all of the responsibilities of being a VASP and of evaluating the underlying protocol software being accessed by users.
This Automated Finance approach would allow commercial users of the digital asset ecosystem desiring or required to transact only with others who are known to have also met industry-standard KYC/AML and sanctions compliance checks in a relevant jurisdiction to do so. Of course, others preferring to exchange digital assets in a permissioned environment using DEX protocol software could also use these access points and their associated pools of underlying assets. How the permissioning is accomplished would be open to the market and could feature the use of “zero knowledge proofs” and separate layers of activity, among other techniques, to enhance privacy and reduce vulnerable data “honeypots”. Work would also need to be done to facilitate integration of these Automated Finance platforms with “DEX aggregators” – separate front-end UIs that originate most digital asset trading volume at this point and allow those interested in trading digital assets to quickly identify the best DEX to which to route a trade, depending on the user’s priorities (e.g., lowest spread, least price slippage, etc.).
Benefits of a compromise position
Such an approach would require compromise on the part of both regulators and industry. We understand that simply accepting the idea of permissioned access to DEX protocol software is contrary to the core tenets of many developers, entrepreneurs, and users in the DeFi sector and inevitably means that, at least in the early days of Automated Finance, there will be far fewer liquidity providers who support the exchange of pairs of digital assets in that environment as well as an overall smaller number of pairs of assets to trade there. Even over the long term, permissioned actors will inevitably also be more selective as to the asset pairs for which they provide AMM liquidity. The remarkable network effects that have quickly developed around existing fully open DEXes through innovations like liquidity mining would need to be rebuilt as liquidity is rebalanced between permissioned access and non-permissioned access asset pairs. Business models would also need to develop for arbitrageurs who can operate in both permissioned and non-permissioned pools to keep asset prices broadly uniform across marketplaces.
We also understand that a significant part of the current appeal of DeFi is its composability – complex arrangements that can be quickly constructed by combining the use of distinct lending, exchange, and other DeFi protocols into a single transaction (these arrangements are sometimes referred to as building with money Legos). At best, it will take Automated Finance time to be established across the full range of protocols used in DeFi, initially limiting composability; at worst, corresponding permissioned environments for some DeFi protocols may never be developed, excluding these tools from use in composing transactions for users of Automated Finance.
In fact, some may question why public infrastructure (such as the Ethereum network) would even be used for Automated Finance, when plenty of consensus protocols designed for permissioned networks (like Hyperledger’s Fabric) already exist. Herein lies a key observation: while the level of interest in DeFi in the legacy financial system is unprecedented, after more than five years of trials by many disparate groups (and outside of some important specialised exceptions), the demand to participate in the day-to-day operation of permissioned “layer 1” blockchain protocols ranges from tepid to non-existent. Moving the economic burdens and benefits of participating in the core tasks required to maintain and secure the blockchain network itself to a group of open and self-selecting “validators” allows the public good of the network to exist, without any single participant being required to take responsibility for the network or for the other validators who from time to time are securing it.
At the same time, by encouraging the development of Automated Finance, regulators would need to fundamentally re-think their approach as well, signalling to commercial users, investment funds, financial institutions, and other regulated entities that, with other appropriate precautions, they may begin to utilise AMM protocols and other underlying innovative tools developed through the growth of DeFi on public blockchain infrastructure without potentially violating AML/KYC or sanctions regulations applicable to them. As a result, the utilisation of these platforms (and their associated liquidity) should increase significantly and similarly permissioned access to lending and other protocols developed by the DeFi community may expand, thus spurring further growth and innovation in the DeFi sector while substantially enhancing transparency and regulatory visibility into the activity, relative to traditional markets.
Because all activity on these protocols (whether or not through permissioned access) occurs and is recorded on public blockchain networks, the level and detail of real-time monitoring to which regulators will have access will provide a huge improvement over the current system that consists solely of aggregated and delayed reporting by centralised financial intermediaries. In addition, with much activity occurring in permissioned environments, regulators will be able to work more efficiently with blockchain analytics providers to detect the true bad actors operating on non-permissioned networks. Consumer protection advocates should also be pleased, as the presence of an active Automated Finance sector running in parallel with peer-to-peer use of DeFi protocols by non-regulated entities will put a meaningful check on the power currently exercised by a handful of giant centralised financial institutions and should dramatically reduce costs to consumers and increase product choice, much as the switch to VoIP (voice over internet protocol) infrastructure 20 or so years ago did for telephone service. In addition, where user access to Automated Finance platforms is provided by regulated financial market participants, there will exist opportunities to integrate traditional services, such as insured fiat currency deposit accounts, with new uses for customer digital asset portfolios (such as lending against a basket of non-fungible tokens (NFTs) owned by a customer).
Moreover, by abandoning the idea of an outright prohibition on the use of DEXes and other true DeFi protocols that provide permissionless access to all users, regulators would be acknowledging the reality that, once written, the protocol software for virtually all DeFi applications will be available from public repositories, and that access points (and associated liquidity pools) for these protocols can be created by anonymous developers and maintained on decentralised storage platforms like Arweave, Swarm and IPFS.
Nor is this a new phenomenon for regulators, who have managed the dual system of account relationships with banks and other regulated entities that are subject to KYC/AML and the fluid and non-transparent use of physical cash. Further, attempting to do otherwise would give privacy tech a huge shot in the arm, igniting an arms race of cryptography and, likely, further obfuscating most if not all DeFi activity. Despite the sound-bite appeal of mandating across-the-board KYC for all DeFi, as with the handling of physical cash, attempting to prevent both illicit actors and those many other users with perfectly appropriate and legally supportable reasons to prefer true privacy in their financial dealings in digital assets from interacting with the smart contracts developed for use in DeFi needs to be recognised as an undesirable, functionally impossible, and ultimately counterproductive mission.
What the future may hold
It is critical that regulation in Web 3.0 should be applied functionally to users of DeFi services, not to the protocol software or its developers, or to those operating access points. An intermediary-based compliance mindset served us well for the 70-plus years since World War II but will be an abject failure if applied to DeFi. DeFi presents a once-in-a-lifetime opportunity to rethink our financial infrastructure from the ground up.
A two-tier system of open access through non-permissioned portals (or direct access to the underlying smart contracts for users who are not subject to mandatory KYC/AML obligations and who are comfortable using decentralised peer-to-peer systems), on the one hand, and, on the other, permissioned portals for institutions, enterprises, and others required to comply with KYC/AML obligations due to their existing regulatory status or otherwise seeking to conduct significant transactions in a managed environment, could create a viable pathway forward. This side-by-side development of Automated Finance and Decentralised Finance would support the growth of DeFi as we know it today while allowing many more to benefit from its innovations. At the same time, such an approach would still give regulators the opportunity to protect the next generation of financial infrastructure from those seeking to exploit these developments for unlawful or illicit ends.