CFTC’s Technology Advisory Committee Releases Report On Opportunities and Risks In DeFi

• CFTC's Technology Advisory Committee issues report on DeFi;
• Report provides deep dive on opportunities and risks in DeFi;
• Report calls for policy makers to work with DeFi builders to better understand technical and regulatory challenges;
• Report calls on policy makers to study the regulatory perimeter and ways in which it should be expanded to encompass decentralized systems;
• While other policy makers have written about DeFi, the TAC report is one of the most accessible and detailed to date on regulatory opportunities and challenges.

Today, the Digital Assets and Blockchain Technology Subcommittee of the CFTC’s Technology Advisory Committee, released a report on Decentralized Finance. The TAC, which is sponsored by Commissioner Christy Goldsmith-Romero, chaired by former White House and Treasury official Carole House and vice-chaired by TRM Labs’ Ari Redbord, focused on both the “promising opportunities and complex, significant risks” of DeFi. 

The report attempts to address the central issue for policy makers as we move deeper into a more peer-to-peer decentralized financial ecosystem – how to ensure that lawful users are able to transact in a secure and private manner while, at the same time, mitigating various risks including systemic, market integrity, and those associated with illicit actors who seek to take advantage of the promise of the technology for malign activity. 

The report finds that, “applications leveraging blockchain and other distributed ledger technologies . . . hold out the promise of greater transparency and efficiency, expanded access to basic financial products and services, and a more resilient financial system. Yet this promise has also come with very significant risks. In the absence of effective regulation, enforcement, and compliance, many of these DeFi projects, enterprises, and ecosystems have been vulnerable to fraud, mismanagement, and serious regulatory violations.”

While the report focuses on both opportunity and risk, there is an awareness throughout the paper that both opportunities and risks depend significantly on the design and features of specific systems and the level of decentralization – e.g. is a protocol actually decentralized or DeFi-in-name-only?

According to the TAC, “The central message of this report is that both government and industry should take timely action to work together, across regulatory and other strategic initiatives, to better understand DeFi and advance its responsible and compliant development.”

‍To that end, the report makes a number of key findings and recommendations:

• The defining feature of DeFi systems is that they are characterized by highly automated financial networks that have no single point of failure, do not rely on a single source of information, and are not governed by a central authority that is capable of altering or censoring this information in order to perform tasks central to delivery of one or more financial services.

•  Understanding DeFi systems is extremely complex, requiring an examination of features of decentralization in enterprises, projects, and ecosystems across several dimensions: access, development, governance, finances, and operations.

• Most DeFi systems are not completely decentralized or centralized, but instead fit on a multi-level spectrum of (de)centralization, varying along each of the functional and technical dimensions. 

• The architecture of DeFi involves key components across mutually supporting layers of technology and functionality critical to the delivery of financial products and services, specifically the physical/hardware, protocol, network, data, application, user, asset and market, and governance layers; all working to support operations and communications across networks with varying degrees of core characteristics of programmability and composability, automation, transparency, openness, and immutability and censorship resistance. 

• Policymakers should align regulatory strategies in pursuit of a balance across all desired regulatory objectives or outcomes in DeFi innovation, including: customer and investor protection, promoting market integrity, ensuring microprudential safety and soundness, financial stability and mitigating systemic risk, combating illicit finance and protecting national security, reinforcing and securing U.S. competitiveness and leadership, and expanding access to safe and affordable financial services.

• Decentralized networks and technologies operating largely on public, un-obfuscated ledgers present opportunities to leverage efficiency improvements in payments and financial markets, more transparent and auditable financial services, enhanced financial sector resilience, dismantled barriers to access to financial services, promotion of innovation and competition, and reinforced U.S. leadership in technology and finance.

• Policymakers should understand the type, nature, sources, probability, and potential impact of identified risks presented by DeFi including to investors and consumers, market integrity, financial system stability and Combating illicit finance, protecting national security, and maintaining U.S. leadership. 

• Experts have long discussed risks that the ongoing development and growth of financial institutions and networks outside of the United States may pose to national security and U.S. leadership—including the risks stemming from the emergence of geopolitical competitors. While these challenges transcend DeFi, further transitioning significant financial projects, enterprises, and ecosystems offshore—including those related to DeFi—could potentially compound these challenges in the long term. Associated risks presented by this loss in leadership could include loss or diminishing of geopolitical status as provider of the global reserve and transaction currency, and loss of surveillance and accountability enforcing capacity to combat illicit finance and safeguard national security.

• To successfully develop and implement regulatory strategies in a space with very complex business models and technologies, as well as a challenging environment for dialogue, policymakers will have to address several core issues including understanding how DeFi systems fall within the existing regulatory perimeter, whether the existing perimeter needs to be expanded, and how best to allocate responsibility and accountability in a world of decentralized governance.

• Industry players also hold distinct responsibility and capabilities to shape responsible development in DeFi, especially through integration of compliance and security measures that will likely enhance the sector’s success with wider adoption and trust across enterprises and consumers.

The TAC makes a number of recommendations and focuses on the importance of public private partnerships

The report also makes recommendations that include increasing technical capacity for policy makers, data gathering, surveying the existing regulatory perimeter, identifying risks, evaluating the range of potential regulatory responses, fostering greater engagement with DeFi builders, and prioritizing progress on digital identity and other technologies that could foster both privacy and security in the decentralized space. In short the report recommends a public-private “surge” of policy and R&D efforts where sandboxes are used to better understand the what-is-possible when it comes to enabling the technology to help foster a long term balancing of privacy and security.

Policymakers turn to DeFi

While policymakers around the globe have constructed regulatory frameworks for crypto, the focus has, almost exclusively, been in the context of centralized exchanges with regulators seeking information from siloed intermediaries the same way that information flows from banks to their regulators today. 

While the CFTC’s TAC is not the first to tackle the opportunities and challenges associated with DeFi regulation, the report is one of the most detailed and technical discussions on the topic to date. In April 2023 the US Treasury Department published a Risk Assessment for DeFi in which the department opined that DeFi activities could fall under the Bank Secrecy Act’s (BSA) onerous anti-money laundering (AML) obligations. France and Abu Dhabi have also issued a consultation and white paper on decentralized finance respectively. International standard setters have led the way when it comes to DeFi exploration. In October 2021 guidance the Financial Action Task Force (FATF) attempted to define decentralization and IOSCO, BIS, and FSB have all written on the topic. However, still reeling from the collapse of FTX, most regulators globally continue to focus on the centralized space.

At the first meeting of the TAC in March 2023, Mr. Redbord, TRM’s Global Head of Policy, explained that while the collapse of FTX has been the focus of headlines and policy makers:

“....the true promise of blockchain technology is DeFi. DeFi is Financial services offered without a traditional financial intermediary delivered via a software program or “smart contract” which uses distributed ledger technology and enables peer-to-peer transactions. DeFi enables an ecosystem of peer-to-peer financial services untethered from many of the issues that plague our current system and offers the promise of financial inclusion. Peer-to-Peer cross border value transfer at the speed of the internet. That is the promise.”

The TAC report does not lose sight of that promise or the challenges that come with it and lays the groundwork for study, exploration and a broader discussion on how to ensure that lawful users are able to transact securely and privately, and, at the same time, malign actors are not able to take advantage of new technologies. If 2023 was the year for global standards for centralized crypto, perhaps 2024 will see a move toward more robust discussions about regulation for the decentralized ecosystem.