During DC Fintech Week in Washington, DC last week, I moderated a conversation about how decentralized finance (DeFi) projects could comply with various regulations.
You’re reading State of Crypto, a CoinDesk newsletter that looks at the intersection of cryptocurrency and government. Click here to sign up for future editions.
The narrative
Are developers responsible for how their projects are used? Can they stop criminals from using their projects? In other words, is regulatory compliant decentralized finance an oxymoron?
Why it matters
Developers’ responsibility for how their decentralized projects are used has already been the subject of numerous criminal cases in the US and elsewhere (see, for example, the cases against Tornado Cash developers Roman Storm and Alexey Pertsev). Without getting into the specifics of these cases, there is a broader general question of how much developers can do to prevent malicious actors from using their projects, and the extent to which regulators can design guide rails for DeFi.
I was privileged to discuss this with Maha El Dimachki, the head of the BIS Innovation Hub’s Singapore Center, Yaya Fanusie, global head of Policy at Aleo, and Lee Schneider, general counsel at Ava Labs, during a panel at DC Fintech Week last Thursday.
To break it down
Compliance and decentralized financing inherently sound like a contradiction in terms. Users should be able to use a truly decentralized protocol for any purpose, and the project’s developers should have no ability to interfere with these transactions. At least that’s one theory. Another is that developers are or should be required to prevent dangerous actors from exploiting their projects.
Developers could and should be able to build in certain tools or features to ensure compliance with certain rules, although the speakers on this panel seemed to agree, with some caveats.
The biggest of these caveats is that we need to come up with a specific consensus agreement on how we define compliance here.
Fanusie said he would describe the developers’ obligations more as “risk management,” focusing on what problems they might encounter (alleged money launderers or other malicious actors, for example)
Schneider said another way to describe this is that neither developers nor regulators want users to lose their money (to roughly paraphrase his comments). In that sense, both parties here are aligned in their goals for DeFi.
And El Dimachki, who was previously at the UK’s Financial Conduct Authority, said outcomes-based policy-making, where regulators seek to prevent malicious activity, is the target of how they could approach the rules around DeFi.
There seemed to be general agreement among panelists that there are steps developers can take to ensure they don’t run afoul of the rules, but that the devil is always in the details.
This is of course an ongoing debate and I’m curious what you all think. I would like to collect your thoughts on the following questions:
- Is compatible DeFi an oxymoron?
- DeFi implies global projects. Is it even possible for a truly decentralized project to meet the regulatory needs of every jurisdiction in which it operates?
- If a project is decentralized and open source, what’s to stop a malicious actor from building their own front-end and tapping a protocol for their own purposes? And should developers still hold some kind of responsibility in that scenario?
Feel free to reply to this newsletter or email me directly with your thoughts. I would like to have a follow-up conversation at some point. And of course I want to thank the good people at the Fintech Foundation for inviting me to be a part of this conversation.
Wednesday
- 14:00 UTC (10:00 ET) The House Financial Services Committee is scheduled to hold a hearing with federal banking regulators. That hearing was adjourned on Friday afternoon after Speaker of the House Mike Johnson announced that Parliament would continue to be in recess.
Thursday
If you have thoughts or questions about what I’ll be discussing next week or any feedback you’d like to share, feel free to email me at [email protected] or find me at Bluesky @nikhileshde.bsky.social.
You can also join the group conversation on Telegram.
See you next week!
