The Commodity Futures Trading Commission’s Digital Assets and Blockchain Technology Subcommittee of the Technology Advisory Committee (TAC) released a report entitled Decentralized Finance.
CFTC Commissioner Christy Goldsmith Romero, sponsor of the TAC, stated
“From the time that I arrived at the CFTC, I have played a steady drumbeat that we need to study emerging issues related to digital assets or we could risk harmful unintended consequences. This report is the result of the hard work of the TAC Digital Assets and Blockchain subcommittee to study DeFi. It is intended to help inform ongoing policy debates in the U.S. Congress, state legislatures, and regulators including the CFTC. It provides a foundational understanding of DeFi. It finds that the benefits and risks of DeFi depend significantly on the design and features of specific DeFi systems. However, most DeFi systems are not completely centralized or decentralized, but instead operate on a spectrum. I hope that this report can serve as a first step to facilitate a dialogue between policymakers and industry particularly because DeFi remains at the center of illicit finance risks, cyber hacks and theft.”
In April, the Department of Treasury reported on illicit finance risks in DeFi and recommended that federal regulators conduct further engagement with industry to explain how relevant laws and regulations apply to DeFi services, and take additional regulatory actions and publish further guidance informed by this engagement. Today’s report reflects the start of such engagement.
The report discusses that the benefits and risks of DeFi depend significantly on the design and features of specific systems, and that a central concern related to DeFi systems is the lack of, and some industry designs to avoid, clear lines of responsibility and accountability.
This feature of DeFi systems may present the clearest ways in which DeFi poses risks to consumers and investors, as well as to financial stability, market integrity and illicit finance—it implicates no clear route to ensuring victim recourse, defense against illicit exploitation, or the ability to insert necessary changes and controls during periods of crisis and network stress. Given the potential risks, the report finds that government and industry should take timely action to work together, across regulatory and other strategic initiatives, to better understand DeFi.
The report presents detailed recommendations to mitigate risks to investors, consumers, market integrity, financial stability, and to combat illicit finance:
- Resource assessment, data gathering and mapping: increase technical capacity and understanding of DeFi; map existing DeFi to measure and highlight interconnections and threat vectors (the use of leverage, concentration, and potential cybersecurity vulnerabilities); develop continuous data gathering, monitoring, information sharing, and regulatory partnerships.
- Survey the existing regulatory perimeter: use the mapping exercise to determine whether DeFi products and services are within the U.S. financial regulatory perimeter; assess the level of compliance; identify regulatory gaps and whether frameworks should be expanded to address risks; partner with self-regulatory organizations; evaluate international peer jurisdictions’ regulation.
- Risk identification, assessment, and prioritization: including risks posed by asymmetric information and conflicts of interest, operational, technical and security vulnerabilities, liquidity and maturity mismatches, over-leverage, algorithmic discrimination, wash trading, front running and other types of market manipulation, oracle exploitation, vulnerabilities in consensus protocols, hardwired algorithmic failures, reliance on key service providers and other forms of concentration risk; financial and technological complexity of DeFi compositions; hardwired procyclicality; and illicit finance.
- Identify and evaluate the range of potential policy responses to address risks: including disclosure, regulatory reporting, third party auditing, entry restrictions, regulatory supervision, governance regulation, conduct regulation, product regulation, balance sheet regulation, activity restrictions, structural regulation, and resolution planning.
- Foster greater engagement and collaboration with domestic and international standard setters, regulatory efforts, and DeFi builders.
Given the ongoing exploits of DeFi for their absence of AML/CFT protections, the report recommends specific actions applied to anti-money laundering and digital identity. The report recommends that policymakers apply the broader holistic approach listed in the recommendations above (e.g., assessing how identity information is required to be collected in DeFi system, identify compliance gaps and requirement gaps, and specific risks (e.g., AML/CFT, consumer protection) and vulnerabilities).
The report recommends evaluating options for regulating and imposing requirements for identity information discoverability and verification across layers in the ecosystem. This could involve regulating more centralized identity information and credential repositories and service providers, and determining what level of identity information must be collected and leveraged by different financial actors at different layers of the DeFi stack.
This requires examining various types of identity information to determine what information should be discoverable and to whom, and under what conditions and due process.
Featured image credit: edited from freepik