Regulatory Touchpoints in DeFi

Regulation and Web3 have been a subject of policymakers recently, with conversations becoming elevated around DeFi. As former Maker Foundation employees who contributed to MakerDAO’s decentralization, some key elements from our experience can help shape the conversation to be more transparent, more definitive, and more applicable.

Financial intermediaries are the foundation of financial services and the primary touchpoints for regulators, with activity-based regulation close behind. Decentralized Finance, or DeFi, has seemingly turned this on its head because, if decentralized with no intermediaries, will the traditional regulatory toolbox still work? The answer is yes.

DeFi is more about creating efficiency than disintermediation. Historically, the more technology develops, the more the incumbent intermediated architecture needs to change. However, intermediation does not disappear; it just shifts its resources around. Efficiency brings lower costs and an expanded user base, which also applies to DeFi.

Realistically, DeFi,  even thriving, is still a technology, a set of tools. Users care more about convenience and financial incentives than technology. For example, paying wages continuously to a struggling single parent - which DeFi can do - instead of every two weeks or monthly could remove reliance on expensive and extractive payday loans. But that means still working with a financial intermediary, still requiring a front-end providing that service while abstracting back-end integrations into DeFi.

Opting In versus Opting Out

Most users will want the benefits of DeFi but will also choose to use regulated front-ends where consumer and investor protections are in place. But, Blockchain and DeFi technology are about choices that previously were not available, such as self-sovereignty and agency - essentially, the ability to opt-out.

The choice to opt-out is not universally applicable. Because as a citizen, you cannot simply opt-out of the legal system. In addition, opting out is about choosing against having the benefits afforded to you, such as consumer and investor protection; it does not mean AML, CTF, or CPF does not apply to you.

A user expresses their self-sovereignty by the way they engage with DeFi. As mentioned above, if a user engages with a regulated front-end, they are opting in. But, on the other hand, if a user engages directly with a protocol through, for example, a command-line interface (CLI) - they are opting out. And, they are doing so for several reasons, ranging from privacy and trust to a believed misalignment of values with incumbent financial services providers.

Where to Apply Regulation to DeFi

The entry point into DeFi is the first and most crucial regulatory touchpoint, and it's not binary; it is a spectrum. Between the regulated financial services front-end and the CLI exists several possibilities that require a different approach resulting in a range of light-touch to full-on regulation dependent on how, why, and who made the entry point (Diag.). For example, suppose a development community created a front end and deployed it to a decentralized server. In that case, it is a public good, and the light-touch regulatory ask would be to add a ‘warning label.’ If the community chooses not to, it creates a red flag for users.

Regulation at the entry point of DeFi
Regulation at the entry point of DeFi

The second crucial regulatory touchpoint is DeFi itself, specifically, the underlying DeFi tools. Assuming the DeFi tools are decentralized, how do we know they are safe and will work? Do we all need to become blockchain and development experts? The answer is no.

Users need confidence that a DeFi tool is secure and will perform within reasonable expectations. Therefore, security is paramount, and Security Audits would be required, both initial and ongoing, and made publicly available. In addition, ensuring the tool performs as expected may require Formal Verification (mathematical audit), which is also an additional security step. Lastly, Economic Audits help to understand the dynamics of the tool and how it would perform under various market scenarios. The industry could implement a certification process. A certificate issued by a Regulator or SRO would indicate the level and number of audits performed to give the user the requisite confidence to engage with the tool.

There are quite a few more touchpoints than the two presented. But, the point was to introduce them in a more apparent context of DeFi.

Value Through Choice

DeFi is about creating value through efficiency, not just disintermediation, and through choice - including opting out, but not out of your responsibilities as a citizen. Furthermore, DeFi is inclusive, meaning to serve all people, especially those who need or want the benefit of DeFi without knowing or caring about it - because that’s their choice - and at the end of the day, the ability to choose is what DeFi is all about.