At DC Fintech Week in Washington, DC this past week, I moderated a conversation about how decentralized finance (DeFi) projects could comply with various regulations.
You are reading State of Crypto, a CoinDesk newsletter that looks at the intersection of cryptocurrency and government. Click here to subscribe to future editions.
The story
Are developers liable for how their projects are used? Can they prevent criminals from using their projects? In other words, is regulatory compliant decentralized finance an oxymoron?
Why it matters
Developers’ liability for how their decentralized projects are used has already been the subject of multiple criminal cases in the US and elsewhere (see, for example, the cases against Tornado Cash developers Roman Storm and Alexey Pertsev). Without getting into the details of these cases, there is a broader general question about how much developers can do to prevent malicious actors from using their projects, and to what extent regulators can design guide rails for DeFi.
I had the privilege of discussing this with Maha El Dimachki, the head of the Singapore Center of the BIS Innovation Hub, Yaya Fanusie, global head of policy at Aleo, and Lee Schneider, general counsel at Ava Labs, during a panel at DC Fintech Week on Thursday.
Breaking it down
Compliance and decentralized finance inherently sound like a contradiction. Users should be able to use a truly decentralized protocol for any purpose, and the project developers should not have the ability to interfere with these transactions in any way. At least that’s one theory. Another is that developers are required or required to prevent dangerous actors from abusing their projects.
Developers could and should be able to build in certain tools or features to ensure compliance with certain regulations. The speakers on this panel seemed to agree, with some caveats.
The biggest of these caveats is that we need to come to a specific consensus agreement on how we define compliance here.
Fanusie said he would frame developers’ obligations more as “risk management,” focusing on the problems they might face (for example, suspected money launderers or other malicious actors).
Schneider said another way to describe this is that neither developers nor regulators want users to lose their money (to roughly paraphrase his comments). In that sense, both parties here are aligned in their goals for DeFi.
And El Dimachki, who previously worked at the UK’s Financial Conduct Authority, said outcomes-oriented policymaking, with regulators looking to prevent malicious activity, is the focus of how they can approach the rules around DeFi.
There seemed to be general agreement among the panelists that there are steps developers can take to ensure they don’t run afoul of regulations, but as always, the devil is in the details.
Obviously this is an ongoing debate, and I’m curious to hear what you all think. I would like to collect your opinions on the following questions:
- Is compliant DeFi an oxymoron?
- DeFi implies global projects. Is it even possible for a truly decentralized project to meet regulatory needs in every jurisdiction in which it operates?
- If a project is decentralized and open-source, what’s to stop a malicious actor from building their own front-end and using a protocol for their own purposes? And should developers still have some form of liability in that scenario?
Feel free to respond to this newsletter or send me an email directly with your opinion. I would like to have a follow-up conversation at some point. And of course I want to thank the good folks at the Fintech Foundation for inviting me to be part of this conversation.
Wednesday
- 2:00 PM UTC (10:00 AM ET) The House Financial Services Committee is expected to hold a hearing with federal bank regulators. That hearing was postponed Friday afternoon after House Speaker Mike Johnson announced the House would remain in recess.
Thursday
- 2:00 PM UTC (10:00 AM ET) The Senate Banking Committee is expected to hold a hearing with federal bank regulators. This is not the standard six-monthly supervision of prudential supervisors; it is titled “Update from the Prudential Regulators: Rightsizing Regulation to Promote American Opportunity” and at the time of writing appears to still be happening as planned.
If you have any thoughts or questions about what I should cover next week or any other feedback you’d like to share, feel free to email me at [email protected] or find me at Bluesky @nikhileshde.bsky.social.
You can also join the group conversation on Telegram.
See you next week!
