Financial Regulation based on DeFi and Life-cycle

Any financial regulation should have the following common objectives: protection of investors and other consumers; market efficiency and integrity; financial inclusion; capital formation; financial stability; prevention of illicit activity; and safety and soundness. Each objective provides a distinct logic for the various types of rules that have been framed. For instance, regulators concerned about custodians’ ability to flee with funds will typically prioritise investor protection. However, the noncustodial nature of DeFi alleviates these concerns while creating new ones.

DeFi activity encompasses a range of financial regulation domains, including securities, derivatives, exchanges, investment management, bank supervision, risk management, consumer finance, financial crime, insurance, and macroprudential supervision. A coherent overarching strategy is critical and could be delegated to a taskforce or similar body comprised of cross-entity representatives. Certain DeFi activity patterns will clearly correspond to established legal categories, while others will not.

A variety of policy actions may be taken to address DeFi:

– Forbearance: a decision to refrain from requiring new regulations

– Warnings: issuance of warnings to users/consumers

– Opt-in: despite the absence of a legal requirement, an option to become subject to regulations in exchange for certain protections is provided.

– Enforceability: determinations that existing rules cover the relevant actors and activities but have not been followed

– Regulator pruning: removing regulations that are not applicable or necessary in the DeFi context

– Prohibitive measures: In the DeFi sector, certain activities are prohibited.

– Policy on limited licences: under certain size thresholds or with a limited scope, the possibility of obtaining licences with lax requirements

– New licence types: addresses new risk categories unique to DeFi

– Providing guidance: developing new frameworks, which will almost certainly include public comment or consultation prior to their official release.

To create an effective regulatory response to DeFi, a combination of existing regulation, retrofitted regulation, and new, bespoke regulation is likely to be used. Legislation governing digital assets is being developed, such as the European Union’s comprehensive Markets in Crypto Assets (MiCA) proposal. The majority of jurisdictions, however, have not yet adopted bespoke frameworks.

Historically, the relevant government body used to be relatively more explicit and focused on ultimate control of an operation. However, the relevant activities in the DeFi context are not carried out by a single central entity. Token holders and software developers can be easily identified in this segment, with the exception of those in roles that are traditional regulatory touchpoints. Due to the protocols’ decentralised nature, even after operators are identified, they may lack the ability to modify or terminate DeFi services.

Without being directly associated with a particular user, smart contracts can interact with the assets held by other smart contracts. Regulators must gain access to and identify the accountable entity, as well as a locus of accountability. It is possible to accomplish this by thoroughly examining the services, even with nominal decentralisation.

Legal regimes that require knowledge or foresight of potentially harmful consequences frequently include mechanisms for vicarious secondary “controlling person,” “responsible officer,” or aiding-and-abetting liability. If developers of DeFi services or others associated with the business have identified and mitigated legal compliance risk, policymakers would only need to consider whether it is appropriate to mandate that they should have. On the other hand, regulating software development raises significant concerns about freedom of expression and manageability, which must be addressed appropriately. Indeed, in the realm of blockchain networks and digital assets, the borderless nature of these assets creates complications for national or subnational DeFi regulation.

Regulation based on the lifecycle of DeFi services to address potential dangers

Typically, regulation occurs later in a product’s or service’s life cycle, when there is no inherent distinctive risk and the harms that trigger liability or regulatory enforcement are more likely to occur. Regulators are more likely to take a “do no harm” approach early on, given the relatively small scale and innovative potential of emerging technologies. Strict regulation and close supervision and control are applied to products with obvious dangers or potential for misuse, such as poppy flowers and weapons. However, technological systems are generally in the middle. Along with maturing, DeFi services have the potential to become more decentralised over the course of their life. The degree of decentralisation is also critical for policymakers and regulators to consider. There are four stages of life that can be used to develop rules and regulations to address potential dangers associated with DeFi services. As illustrated in Figure below, the life cycle stages are as follows: (1) development; (2) publication; (3) deployment; and (4) operation.

Although it may operate under the auspices of an open-source development community, a non-profit foundation or association, or a decentralised autonomous organisation (DAO). Nonetheless, a distinct group of protocol developers will exist. After a protocol is published, indicating a combined deployment stage, it may be developed into services and marketed to users by multiple teams. Later on, those services may be forked by different teams. The protocol and smart contracts will largely automate the operation of the service, which will be moderated by decentralised governance processes.

Regulatory obligations can be easily imposed during the early stages of a product’s lifecycle, when clearly identifiable access points and more room to influence the long-term trajectory exist. However, the closer the nexus to actual demonstrable harm is to the earlier in the life cycle, the weaker the link to actual demonstrable harm is and the greater the potential implications for innovation – so it is critical to determine when regulatory intervention is proportionate to the risks. Early-stage tools that incentivize rather than mandate action, such as sandboxes, safe harbours, and no-action letters, can be an effective way to mediate this conflict.