Skip to content

The DeFi Regulatory Challenge

The Digital Regulator


DeFi is a new financial paradigm that generates significant benefits. As of 14 September 2021, DeFi transactions were funded by no less than USD 88.7 billion. The risks associated with DeFi are also significant and amplified by its unregulated environment. Since 2017, the evolution of cryptofinance has shown that a regulatory approach that can provide certainty to the private sector, support innovation, and mitigate money laundering and investors’ risk can boost cryptocurrencies adoption. The same holds true for DeFi. The critical question is how to regulate DeFi. In this context, the current debate in the US suggests that the enforcement approach – the application of financial laws to DeFi – is ill-suited to achieve the intended goal, because it is built on the concept of centralised intermediary – which per definition is absent in DeFi. A prudential regulatory approach, focused on setting risk control and capital or liquidity boundaries on the private sector and actors, may be more conducive to the intended outcome, particularly when informed by a principle-based regulation. It will require a proactive stance from the DeFi sector and actors. Embedding RegTech solutions in smart contracts may constitute a constructive opportunity going forward.

The last few weeks have offered several regulatory developments in the digital space. The roll-out of Central Bank Digital Currencies (CBDC) continues, with initiatives in Venezuela, Thailand. Australia, Singapore, Malaysia, and South Africa. The clampdown on the cryptoexchange Binance started months ago in the US has had worldwide implications via ripple effects. Jurisdictions begin to shift their focus away from the specific case and undertake resolute actions by considering cryptoexchanges as a sector (South Korea) and formulate steps to bring cryptoexchanges within the regulatory perimeter (Spain, the US). Finally, India is reportedly poised to take an open stance on cryptocurrencies after years of defending its ban.

DeFi's Risks, Benefits, and Regulatory Approaches

DeFi is a new financial paradigm that carries significant benefits over traditional finance and material risks that get amplified by the unregulated nature of the DeFi ecosystem. As of 14 September 2021, there were no less than USD 88.7 billion funding DeFi transactions. This section briefly characterises DeFi, presents a review on its main benefits and risks, and discusses the ongoing regulatory initiatives.

  • DeFi: What is it? —DeFi is the abbreviation for Decentralised Finance, that is, DeFi denotes finance without financial intermediaries. It takes the form of blockchain-based open-source protocols that allow individuals to perform peer-to-peer financial transactions. The transactions are implemented by smart contracts (computer programs that execute transactions in an autonomous way) that rely on cryptocurrencies, particularly stablecoins. The parties keep complete control of their assets via privately managed digital wallets. Hence, DeFi does not involve service providers either. In some cases, the parties are rewarded by the DeFi protocols with ‘governance tokens’, which are earned in exchange of engaging with the system and conducting transactions. The main categories of financial services made available through DeFi include exchanges (the trading of digital assets), derivatives trading, credit or lending, and asset management.
  • DeFi: Risks—DeFi is full of risks. Operational risks include human (user) errors, smart contract vulnerabilities, hacking and cyberattacks, information technology failures, and various types of technological threats. Investors’ risks involve misleading information; frauds; a complete absence of consumer protection rules, including, more broadly, all types of risk mitigations associated with transacting with regulated financial intermediaries; and related controls and insurances. Asset risks are akin to the risks associated with cryptocurrencies and are observed in terms of heightened price volatility. Regulatory risk takes the form of the absence of recourse, given the unregulated nature of DeFi.
  • DeFi: Benefits—DeFi generates significant benefits when compared to traditional finance. The DeFi applications improve the availability and inclusiveness of financial services. Services are delivered more efficiently through disintermediation and complete digitisation. Services are available 24/7, borderless. Their usage is comparatively easy due to high automation. The services provided have low entry costs for offerors and low operating costs for users. DeFi expands the possibilities of cryptoassets and their scope, thereby consolidating their role as a new asset class. DeFi services also deliver the benefit of blockchain technology, in particular transparency.
  • DeFi: Regulatory Approaches
    • In October 2020 , the US Securities and Exchange Commission (SEC) emphasised on DeFi when discussing significant trends in the blockchain and cryptofinance spaces and noted the challenges faced by the prevailing US regulatory structure. By February 2021, it became clear to the SEC that the US federal regulators were required to address DeFi and ‘provide both legal clarity and the freedom to experiment so that DeFi can compete with CeFi [Centralised Finance] to offer investors financial services’1. Japan’s Financial Services Agency also emphasised on the importance of formulating regulatory rules for DeFi in July 2021.
    • In March 2021, the Financial Action Task Force (FATF) issued an update to its 2019 Guidance on the risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs) for consultation. The consultation was concluded on 20 April 2021; the final revised Guidance will be issued in October 2021. The goal of the proposed updates is to broaden the definition of VA and extend the definition of VASP to ensure that all digital financial assets—including those transacted via DeFi—are captured by FATF standards. See our Digital Regulator issued on 12 May 2021 for further details on this topic.
    • Recently, the regulatory discussion on DeFi intensified in the US. The Chairman of the SEC intervened multiple times to reiterate the financial regulation’s core public policy goals—focused on the investors’ and consumers’ protection, fighting illicit economic activities, and ensuring financial stability—even though the latter has not posed as a risk to cryptofinance yet. The SEC believes that investors’ protection is lacking in cryptofinance, and there particularly exists a material gap in the DeFi space. Accordingly, the SEC has requested the Congress for ‘additional authorities to prevent transactions, products, and platforms from falling between regulatory cracks’ and ‘more resources to protect investors in this growing and volatile sector’2.
    • Reportedly, the SEC has also taken concrete actions towards the entities associated with DeFi applications. Allegedly, the SEC has opened an investigation against Uniswap Labs— the main developer of the leading decentralised crypto trading protocol. The investigation would be focused on establishing how investors use Uniswap and how it is marketed. The SEC recently re-affirmed the commitment to get any platform implicated by the securities laws to work within the prevailing regime, independently from the platform being decentralized or centralized.
  • The DeFi Challenge—Regulators should provide certainty to the private sector actors and mitigate Anti-money Laundering (AML) and the investors’ risks without suffocating the nascent industry. If the regulators succeed in this endeavour, the adoption of DeFi would be promoted, delivering its benefits in a risk-controlled way. Attempting to regulate DeFi by enforcing the existing financial regulation may not be the most conducive way. As a case in point, regarding the situation prevailing in the US, Matt Levine explains that replacing ‘smart contract’ with a ‘person’ in the description of DeFi would be equivalent to describing an investment contract (security) subject to the SEC regulation. However, not replacing ‘smart contract’ with a ‘person’ in the description of DeFi, makes it most difficult to argue that the SEC regulation applies. The author concludes that ‘there is some genuine novelty in DeFi [and] it is really unlike the sorts of securities offerings that were on Congress’s mind when it passed the core U.S. securities laws in the 1930s’3. The regulatory challenge raised by DeFi is that the existing financial regulations are predicated on the existence of financial intermediaries. Accordingly, regulating DeFi through enforcement—applying existing financial laws to DeFi—is going to be much harder than regulating DeFi prudentially in the context of principle-based regulation.In conclusion, it is in the interest of the DeFi industry to work together and proactively with the regulatory authorities because such cooperation is a precondition for the innovative space to grow, be widely adopted, and generate benefits to the mass while ensuring the presence of AML controls and investors’ protection. The critical question is how to regulate DeFi. The enforcement approach – that is, the application of traditional detailed financial laws to DeFi – appears to be a difficult way to achieve the intended goal. The prudential regulatory process—focused on setting risk control and capital or liquidity boundaries on the private sector and actors—may be more conducive to the intended goal, particularly when based on a principle-based regulation. However, DeFi is antithetical to centralised intermediation. Therefore, the DeFi sector and actors need to be proactive and work together with the regulators. Regulators also need to be innovative. Embedding RegTech solutions in smart contracts may be a constructive way forward.

Other Noteworthy Developments

The roll-out of CBDC continues across the globe.

  • In October 2021, the Central Bank of Venezuela will roll-out a CBDC and launch an SMS-based exchange system to facilitate payments and transfers among its users.
  • The Bank of Thailand disclosed the results of a study on the implications of issuing a retail CDBC. As per the study results, there lies the possibility that a retail CBDC may negatively affect monetary policy transmission or the existing financial institutions.
  • A group of central banks comprising Australia, Singapore, Malaysia, and South Africa announced a trial program to test cross-border payments employing different CBDCs. As highlighted in the Digital Regulator of August 2021, the CBDC-based cross-border payment can be regarded as a crucial use-case for CBDCs if it wants to be an alternative to the Global Stablecoins.

The clampdown on cryptoexchange Binance started months ago in the US and has continued to generate ripple effects worldwide. Jurisdictions begin to shift their focus away from the specific case, take resolute actions towards cryptoexchanges, and take steps to bring cryptoexchanges under the regulatory perimeter.

  • South Korea announced the closing of 11 cryptoexchanges and urged all cryptoexchanges to comply with the country’s regulation.
  • Spain is poised to roll-out a new registration process for cryptoexchanges. The venues will be required to register with the authorities, which should improve transparency and terrorism financing issues.
  • The US SEC highlighted a risk for cryptoexchanges that may lead to the loss of public trust if they are not adequately regulated. It has asked the Congress for more power, such that it can govern this market.

Cryptoregulation is being developed in Cuba and is taking a firmer direction in India.

  • Cuba has joined the jurisdictions that promote a cryptoregulatory framework and plans to regulate cryptocurrencies. The plan is to establish rules for the use of VAs, which requires service providers to be licensed by the central bank.
  • India is poised to take a firm and open stance on cryptocurrencies after years of defending its ban. According to the finance minister, a bill is being prepared that will regulate cryptocurrency in the country.


DeFi is a new financial paradigm that carries not only several potential benefits, but also material risks. Therefore, its regulation is unavoidable to get its services broadly adopted. Regulating DeFi is complicated because the fundamental proposition of financial regulation is the existence of financial intermediaries; however, as per the definition, DeFi excludes such intermediaries. Accordingly, a new regulatory approach that does not assume the existence of a centralised intermediary is needed, which involves cooperation between the private and official sectors. Principle-based legislative frameworks are likely to accommodate DeFi better than detailed regulatory structures. A prudential regulatory approach will succeed better than an enforcement approach to regulating DeFi. Finally, the highly automated nature of the smart contracts that lie at the core of DeFi protocols may present a regulatory opportunity in terms of RegTech in the form of automated compliance programs.

1 ↵
2 ↵
3 ↵

Share this article


Mattia Rattaggi

External Regulatory Analyst METI Advisory AG

Yves Longchamp

Head of Research AMINA Bank AG

Subscribe to AMINA Research

Subscribe to AMINA Research for our latest perspective.

More Research

  • 06.06.2024


    The Digital Investor

    The May Crypto Roundup: Big Moves and High Hopes

    Bitcoin continues to consolidate with long-term investors beginning to re-accumulate coins for the first time since December 2023. The month of May saw a market-wide recovery in the last two weeks

    Read more
  • 08.05.2024


    The Digital Investor

    Correcting Course: April’s Crypto Recap

    In April, the crypto market witnessed significant events and developments across various fronts. Total crypto market capitalization declined by 16% over the month. 

    Read more
  • 02.05.2024


    The Bridge

    Artificial Intelligence, Blockchain and Crypto: A Confluence

    Much recently, cryptocurrencies themed around artificial intelligence (AI) were all the rage in crypto.

    Read more