How to Square Decentralized Finance With Regulatory Compliance

During D.C. Fintech Week in Washington, D.C. this past week, I moderated a conversation about how decentralized finance (DeFi) projects could be compliant with different regulations.

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

The narrative

Are developers liable for how their projects are used? Can they prevent criminals from using their projects? In other words, is regulation-compliant decentralized finance an oxymoron?

Why it matters

Developers’ liability for how their decentralized projects are used has already been the subject of multiple criminal cases in the U.S. and elsewhere (see, for example, the cases against Tornado Cash developers Roman Storm and Alexey Pertsev). Without getting into the specifics of those cases, there is a broader general question as to how much developers can do to prevent malicious actors from using their projects, and to what extent regulators can design guide rails for DeFi.

I was privileged enough to discuss this with Maha El Dimachki, the head of the BIS Innovation Hub’s Singapore Centre, Yaya Fanusie, global head of Policy at Aleo, and Lee Schneider, general counsel at Ava Labs, during a panel at D.C. Fintech Week on Thursday.

Breaking it down

Compliance and decentralized finance inherently sound like a contradiction. Users should be able to use a truly decentralized protocol for any purpose, and the project’s developers should not have any ability to interfere with these transactions. That’s one theory, at least. Another is that developers are or should be required to prevent dangerous actors from taking advantage of their projects.

Developers could and should be able to build in certain tools or features to ensure compliance with certain regulations though, the speakers on this panel seemed to agree, with certain caveats.

The biggest of these caveats is that we need to come up with a specific consensus agreement on how we’re defining compliance here.

Fanusie said he would describe developers’ obligations more as “risk management,” focusing on what issues they might encounter (alleged money launderers or other malicious actors, for example)

Schneider said that another way of describing this is that neither developers nor regulators want users to lose their money (to roughly paraphrase his comments). In that sense, both parties here are aligned in their goals for DeFi.

And El Dimachki, who was previously at the UK’s Financial Conduct Authority, said outcome-based policymaking, with regulators looking to prevent malicious activity being the goal of how they could approach rules around DeFi. 

There seemed to be general agreement among the panelists that there are steps developers can take to ensure they’re not running afoul of regulations, but as always, the devil is in the details.

Obviously this is an ongoing debate, and I’m curious what you all think. I’d love to gather your thoughts on the following questions:

• Is compliant DeFi an oxymoron?
• DeFi implies global projects. Is it even possible for a truly decentralized project to meet regulatory needs in every jurisdiction it’s operating in?
• If a project is decentralized and open-source, what’s to stop a malicious actor from building their own front-end and tapping a protocol for their own purposes? And should developers still hold some form of liability in that scenario?

Feel free to respond to this newsletter or email me directly with your thoughts. I’d love to have a follow-up conversation at some point. And of course, I’d like to thank the good folks over at the Fintech Foundation for inviting me to be a part of this conversation.

Wednesday

• 14:00 UTC (10:00 a.m. ET) The House Financial Services Committee is scheduled to hold a hearing with federal bank regulators. This hearing was postponed on Friday afternoon, after House Speaker Mike Johnson announced the House would continue to be in recess.

Thursday

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at [email protected] or find me on Bluesky @nikhileshde.bsky.social.

You can also join the group conversation on Telegram.

See ya’ll next week!