Many advocates of DeFi (decentralized finance)received a wake-up call last week when the leading decentralised lending platform Aave found itself unable to fully liquidate a CRV position on its platform (CRV is the token of DeFi exchange Curve), resulting in Aave having to make themselves whole again via their treasury. The issue wasn’t due to a bug in Aave as such, but a liquidity squeeze in the CRV token, so the platform was unable to fully unwind the USDC collateral that had been posted to borrow the CRV tokens.
DeFi still has its vulnerabilities
Aave’s token price dipped slightly as a result of this drama and subsequently recovered, but apart from Aave losing $1.7m from their treasury, no one was impacted significantly. These events do highlight why DeFi in its current form is likely to get some regulation. What if Aave didn’t have the funds in its treasury to make itself whole? What if they had to start unwinding some of their other positions due to a liquidity crunch? Would there be any recourse that users could take?
In a regulated environment, there are investor protections in place, but in DeFi there are none. I don’t believe that all of DeFi should be regulated — its open nature is a good thing for innovation and those who can’t take for granted stable financial systems and services. However, protections should exist for less technology-savvy investors.
The DeFi ecosystem
Before diving into the regulatory landscape, it's essential to understand the DeFi ecosystem. DeFi encompasses a variety of decentralized applications (dApps) and protocols built on blockchain technology. These platforms offer services like lending, borrowing, trading, yield farming, and asset management, often powered by smart contracts on blockchain networks like Ethereum.
Ethereum hosts the majority of the DeFi ecosystem, which succeeds in being a permissionless decentralized network. This is in part because there is no single entity that can exert significant control over the network. However, the applications built on top of it, do not inherit all of these benefits, as there will always be a collective of individuals or companies at best or a single individual at worst responsible for these applications deployed on top of it. These collectives form the trust anchors of these blockchain decentralized applications. In the case of the stablecoin USDC it is Circle, in the case of Aave and Uniswap it’s their DAOs. The former of these is a corporation, the latter two are DAO-governed entities. What they all have in common is their ability to exert executive control over these DeFi protocols.
This control is a necessity to have well-functioning web3 protocols. Without them, questions of responsibility and accountability would arise, which would impact trust. Code may be considered law by some in web3, but it doesn’t mean much if you don’t know who has executive responsibility for it.
This brings me to the point that regulation for these trust anchors on blockchains will ultimately impact adoption. They shouldn’t have to be regulated, but there should be some regulation in place that allows their users to have some idea of any legal recourse they may be entitled to in the event of a failure — right now there is none.
Jurisdictional Issues: DeFi operates in a borderless digital environment, making it challenging for regulators to establish jurisdiction and enforce their rules. Many DeFi projects are decentralized and have no central point of control, making them difficult to regulate.
AML/KYC Compliance: Anti-money laundering (AML) and know-your-customer (KYC) regulations are critical for preventing illicit activities. However, many DeFi projects prioritize user privacy and anonymity, which can conflict with these requirements.
Consumer Protection: DeFi users face risks, such as smart contract vulnerabilities, rug pulls (exit scams), and hacks. Regulators want to ensure that users are adequately protected from these risks.
Current regulatory approaches
Regulators worldwide are still in the process of understanding DeFi and formulating regulations, but these are some of the approaches in use:
Securities regulations: Some DeFi tokens or projects may be classified as securities, subjecting them to securities regulations. This can impact initial coin offerings (ICOs) and token sales.
AML/KYC compliance: Some countries are exploring ways to apply AML and KYC requirements to DeFi platforms, especially when DeFi interacts with the traditional financial system.
Licensing and registration: Some jurisdictions require DeFi projects to obtain licenses or register as financial service providers. This can involve compliance with specific regulatory standards.
This would be a good thing, not only for the users but also for the operators, as it will ensure these trust anchors for services are clear on their obligations to their users. With this in mind, it’s likely that we will see forward-thinking financial institutions embracing public blockchain networks more and more to establish themselves as these trust anchors in the future. We saw a glimmer of this future a few weeks ago when J.P. Morgan along with DBS, SBI Digital Asset Holdings and the Monetary Authority of Singapore tokenized bonds and deposits to demonstrate an FX transaction using a fork of Aave and a bond purchase using a fork of Uniswap on Polygon.
In these scenarios, the regulated financial institutions were the trust anchors providing these on-chain assets. The trust they provided wasn’t just in terms of the tokenized assets that were issued on the Polygon blockchain, but also in the decentralized identifiers that were used to identify and permission all participants in these transactions. This ensured that all participants taking place in the transactions were regulated entities.
Whilst there were a number of regulatory challenges highlighted that exist with undertaking such activities, the changes are not insurmountable when measured against the upside of such activities for financial firms. These will likely be addressed over time. In the same way that well-known brands can utilise their brand equity online to sell products and services, regulated institutions will have a significant advantage when it comes to providing web3-based products and services. For instance, if you’re a company or individual that’s new to web3 and you choose to hold a dollar-backed stablecoin, who are you going to trust?
When J.P. Morgan offers such a service, I doubt you’ll have many people questioning its solvency of it. Ditto with securities, if you see a tokenized security issued by the London Stock Exchange, will you trust that more than one issued by a team doing a security token offering (STO) directly?
The point is that as the regulatory landscape becomes clearer for web3, more and more regulated firms will start to embrace it, in the same way, that during the 90s and ‘00s we saw financial firms establishing web presences and offering new products and services directly to their customers. DeFi is not the only part of the web3 ecosystem that will see these institutional trust anchors emerge. We already have centralized exchanges providing custody and crypto FX services for their users. Regardless of the apathy that exists towards them and their business practices, they provide necessary services for the vast majority of non-tech-savvy users of web3.
Regulated financial entities will start to play in this space more and more over time, as they have spent decades being custodians of various currencies and financial instruments, web3 assets are a logical extension of this. It’s also likely that the so-called holy grail of web3 — blockchain bridges facilitating cross-blockchain asset transfer will rely on intermediaries to achieve its goal.
If the trust anchor of a bridge is a series of smart contracts, you end up with valuable honeypots that span multiple blockchains. Keeping these up to date against the latest security vulnerabilities on the blockchains they support gets exponentially harder, the more protocols that are supported, which is why having an intermediary in the middle to facilitate transactions such as an exchange seems like a more realistic end state.
Trust anchors will become an ever-increasing component of the DeFi ecosystem and web3, which along with regulation will help build the next generation of products and services for a new generation of users. It’s likely that a number of these trust anchors will be financial firms that exist today. This may not be as exciting a proposition as having the majority of web3 being served up by dynamic web3 native startups.
However, when it comes to onboarding billions of new users in a manner that protects their financial interests in the safest way possible, utilising the brand equity of today’s well-established behemoths, where many of them already hold their financial assets, seems like the safest way for the majority.
For those who want to stick to unregulated, decentralized cryptocurrencies, DeFi will still be there. But if you’re using stablecoins, it’s probably best to stick to the best-capitalised institutions backing them, as self-custody is not ready for the mainstream.