Earlier this week, we considered the challenges of creating viable long-term regulations for decentralized finance (DeFi) protocols. These systems can ostensibly remove intermediaries from the trading of any asset represented on a blockchain, but those intermediaries have been the ones enforcing rules on behalf of regulators for the better part of a century. That means […]
Earlier this week, we considered the challenges of creating viable long-term regulations for decentralized finance (DeFi) protocols. These systems can ostensibly remove intermediaries from the trading of any asset represented on a blockchain, but those intermediaries have been the ones enforcing rules on behalf of regulators for the better part of a century. That means workable DeFi regulation will likely be much different in substance, and enforced differently, than current securities and finance rules.
That rethink may be years away from occurring, but U.S. regulators aren’t sitting idly in the meantime. With Securities and Exchange Commission chief Gary Gensler signaling that he’s paying attention, there’s significant expectation that enforcement actions could target DeFi well before any new regulations become official. Those enforcement actions will likely prioritize instances of clear lawbreaking, such as fraud or money laundering, taking place on DeFi systems.
This op-ed is part of “Policy Week,” a forum for discussing how regulators are reckoning with crypto (and vice versa). David Z. Morris is CoinDesk’s chief insights columnist.
They will be significant tests for the legal implications of decentralization. And they could get very, very ugly – particularly for individuals running “DeFi” systems that aren’t very decentralized at all.
Here, based on conversations with lawyers, former regulators and DeFi executives, are three key points about how things are likely to play out over coming months and years.
1. Enforcement will come before new rules.
The first ugly truth about DeFi regulation is that it will inevitably come too late. Systems like UniSwap and Celsius were built in ways that challenge the fundamental premises of conventional financial regulation, but regulators will not be quick to shift their models to conform with the reality on the ground. Meanwhile, DeFi systems continue to grow, guaranteeing they’ll face increasing scrutiny.
Jai Massari, a partner focused on trading and markets at the law firm Davis, Polk and Wardwell, predicts a three-step process of reconciling those conflicting truths. Call it the Stages of Regulatory Grieving.
“I think it starts off with enforcement,” she says, “because enforcement is easier than regulation.” Those enforcements could be similar to recent actions that have led to large fines for crypto exchanges like Kraken or services like Tether. But they could also go further to include criminal charges against individuals, on which more below.
Then we’ll begin to “see an effort [by regulators] to push these DeFi activities into existing regulatory categories,” Massari says. “But I don’t think that’s going to go well. I think it could be quite messy.”
In other words, she doesn’t expect serious consideration of a new regulatory framework that actually fits how DeFi works until after regulators spend time trying to hammer square pegs into round holes. In the U.S. context that could include jurisdictional fights between the SEC and other financial regulators.
Plenty of crypto operators will rightly view putting enforcement ahead of regulation as shutting the barn door after the horse is loose. To some extent, it’s a consequence of the shifting priorities of a new administration. Trump administration regulators, for better or for worse, made only incremental progress on laying out rules for crypto, much less DeFi, as crypto and DeFi grew from marginal to meaningful between 2016 and 2020.
There are signs regulators see things as running out of control. “It appears [Gary Gensler is] aligned with people like [Massachusetts Sen.] Elizabeth Warren that it’s the wild west, that it’s under-regulated,” says Katherine Kirkpatrick, co-chair of the Financial Services working group at the law firm King & Spalding.
Gary Gensler and Co., in other words, see themselves as trying to lasso a galloping stallion. That may lead to particularly strong enforcement tactics.
“They’re operating from the perspective of trying to solve something that’s the most egregious thing going on using traditional law enforcement tools,” Duane Pozza, a former Federal Trade Commission staffer who is now a partner at Wiley Law. “Because it means there will be fewer limits.”
2. Investigators will “Pierce the Veil” of decentralization.
In principle, DeFi protocols run without owners, leaders or managers. Much like Bitcoin, the protocols are in principle just software run by a collection of node operators or validators who neutrally facilitate transactions while collecting liquidity yield and fees.
Governance decisions, including changes to the protocol itself, could also in principle be managed by users. But there are still few examples of this in practice today; instead, the reality of “DeFi” in the present is often that it’s a fig leaf for a very clear group of core leaders who are actually in charge. The clearest evidence of this is instances where accounts, tokens or entire “decentralized” systems have been frozen or shut down.
“One of the design decisions in an autonomous system is whether there’s a kill switch,” says Stephen Palley, a lawyer focused largely on crypto regulation at Anderson Kill. “The problem with a kill switch is, what’s the liability or exposure of the person who controls it? To be truly autonomous, you can’t have a kill switch. The absence of that is a way to say you’re not responsible.”
It’s a grim irony of DeFi’s coming collision with legal reality: DeFi administrators who have been taking direct action to control problematic activity may have given law enforcement clear evidence that they’re actually the ones in charge, making themselves targets.
Particularly in cases where there is no legal entity affiliated with a DeFi platform, experts say this could lead to regulators and investigators “piercing the veil” in their DeFi enforcement actions. “Piercing the veil” is a legal term of art normally applied to prosecutions of corporate wrongdoing that target individual officers of the company, not just the legal corporation itself.
At least two recent crypto prosecutions have shown the willingness of the SEC and others to pierce the veil of crypto organizations, even those that have conventional corporate structures. One was the SEC’s charging of individuals at Ripple, including CEO Brad Garlinghouse, with an unregistered securities offering. The other was the filing of money laundering-related criminal charges against officers of BitMEX, including CEO Arthur Hayes.
Similar direct action against individuals with control over DeFi systems may not be far off. SEC chief Gensler has already made clear that he views most claims of decentralization in DeFi with skepticism. In addition to use of kill switches, law enforcement may look for evidence of control and responsibility in public representations of a protocols team, or and control of multisig wallet keys.
3. Clarity will not come soon.
It will be extremely tricky to craft regulation that controls risks like fraud and money laundering through DeFi while preserving technological advantages like open access, self-custody and democratic governance. That could be worth the trade-off in the long term if new rules are truly crafted carefully.
“We’re at a moment where a bit of enlightened thinking about regulation, a little creativity, a little open-mindedness would result in a much better outcome,” says Jai Massari. “I think the best approach is to take a step back and think about the policy objectives we’re looking for.”
That process could easily take years. In the meantime, enforcement actions will likely ramp up, perhaps leaving DeFi creators and administrators in the difficult position of defending themselves for breaking rules that simply can’t be fairly applied to the new technology.
Even then, there’s no guarantee that competent and well-considered regulation will be the end result. As we saw over the summer with the poorly crafted reporting requirements in the U.S. infrastructure bill, there is still a large technical deficit in technical knowledge among legislators and regulators, and it can have serious consequences.
“The technological shortfall is pretty significant,” says Duane Pozza. “The lawmakers have a million other things going on. We’re far away from getting to the point of understanding DeFi. I do think the infrastructure bill was a wakeup call – at least some influential people on [Capitol] Hill had to learn, had to think through this new technology.”
That leaves an uncomfortable status quo, at least for those in the world’s largest financial market. For a period that could stretch for years, there will be no changes to U.S. financial regulations to accommodate the way DeFi really works. But at the same time, law enforcement and regulators will likely be making life very uncomfortable for anyone who could be seen as having authority or control over DeFi systems.
Unless something changes very soon, that will almost certainly push innovation in DeFi out of the United States, much as huge, centralized crypto exchanges including Binance and BitMEX found it more comfortable to center their operations elsewhere. It’s a message that at least some would-be creators are getting directly from their legal advisers.
“I might not agree with the application of certain laws to what my clients do, but I’m not the [Commodity Futures Trading Commission], I’m not the SEC,” says Palley. “I’m just a simple country lawyer and I have to call balls and strikes.
“So I spend a lot of time just telling people to stay out of the United States. I hate it, but it’s good advice.”