- Global regulatory body recommends casting wide net over decentralised finance.
- List of those to be regulated includes developers of a DeFi project, participants in DAOs, those promoting the use of the protocol, and more.
- Even using artificial intelligence to automate governance wouldn’t spare DeFi developers from regulators.
In the years since Ethereum opened the door to a decentralised financial world, regulators have struggled to get a handle on its slippery nature. What makes a venture truly DeFi? Do officials need to craft bespoke rules, or could they make automated exchanges, lending markets and their ilk obey existing rules so they don’t exploit consumers?
Now, an influential body that helps shape the policies of the global securities markets has floated an answer — hold anyone involved in a DeFi venture liable.
On Thursday, the International Organization of Securities Commissions, or IOSCO, an association of regulatory agencies, said many projects claiming to be decentralised are anything but. In a paper, it called for a sweeping new approach to the sector to hold DeFi ventures accountable to existing laws, rules, and regulations.
“There is a common misconception that DeFi is truly decentralised and governed by autonomous code or smart contracts,” Tuang Lee Lim, chair of IOSCO’s board-level Fintech Task Force, said in a statement. “In reality, regardless of the operating model of the DeFi arrangement, ‘responsible persons’ can be identified.”
Identifying “responsible persons” in DeFi groups would mark a break with regulators’ loose approach to the sector.
Until recently, the US Securities and Exchange Commission and its counterparts in Europe and other regions have tended to focus on centralised players such as Binance and Coinbase.
Now, IOSCO is proposing a long list of persons who would be on the hook for the practices of their projects. It includes developers of a DeFi project, participants in DAOs, token holders, those promoting the use of the protocol, and more.
This broad approach has drawn fire from DeFi advocates.
“This industry has a lot of users,” Marina Markezic, executive director of the European Crypto Initiative, told DL News. “Usually the law doesn’t punish so many people that have not deliberately done something to hurt anyone.”
Erwin Voloder, head of policy at the European Blockchain Association, said the policy proposal is unworkable when it comes to DAOs. This is key because decentralised autonomous organisations play an instrumental role in the governance of DeFi projects such as Maker, Uniswap, and Aave.
“Who specifically is in the DAO? Is it the people in the Telegram group? Are they liable? And if so, for what?” Voloder told DL News. “This begs the question as to whether or not this is even enforceable in practice when it comes to DAOs.”
For DAOs, IOSCO’s line of reasoning may be particularly tricky.
DeFi founders often attempt to decentralise whatever protocol they build by relinquishing control to a newly created decentralised autonomous organisation.
DAOs, in turn, typically issue so-called governance tokens, whose holders can propose and vote on how to run the protocol. Similar to shareholders in a publicly listed company, holders have one vote per token.
‘US regulators also went into this super broad definition of who can be liable.’— Marina Markezic
IOSCO found most DAOs’ decentralisation superficial because key people are ultimately responsible for decision making and execution.
“Human involvement typically is necessary to effectuate governance decisions, or to translate and implement proposals to make changes to a project’s protocol, smart contracts or other code into usable code,” it said.
AI not a defence
Even using artificial intelligence to automate governance wouldn’t absolve people of responsibility for a protocol, the organisation said.
“For such cases, the person or entity that is responsible for deploying or using [artificial intelligence] could also be considered in the assessment of Responsible Persons,” the paper said.
In short, whether a protocol is “decentralised” or run by a DAO, “persons and entities who provide financial products and services” are “subject to applicable laws.”
When trying to find those “persons and entities,” regulators can, among other things, consider “whether there are other parties exercising control or influence over the DeFi arrangement, such as venture capital firms, large investors, or governance/voting token holders or voters.”
Regulators can also consider financial incentives for participation, such as who is receiving investments and returns on investment, or fees and payments for the development of the project, and for governance activities.
In other words, IOSCO is urging regulators to cast a wide net. This raises thorny questions as to whether governments would ever tolerate the decentralisation of finance, or always insist on intermediaries who can answer for protocols when things go awry. .
Earlier this year, a US judge ruled that Ooki DAO is a traditional business that should have registered with the country’s commodities regulator as a platform for commodities trading.
That regulator, the Commodity Futures Trading Commission, hailed it as a “precedent-setting decision.”
But crypto attorneys dismissed the argument and said it would likely have little impact on other DAOs in the country.
“[US regulators] also went into this super broad definition of who can be liable,” Markezic said. “I think that is absurd, and not in line with any kind of principle of proportionality.”
Same risk, same regulatory outcomes
IOSCO did note the need for harmonisation between regimes on DeFi.
To protect investors and market integrity, regulators should seek outcomes that are “the same as, or consistent with, those that are required in traditional financial markets,” the IOSCO report says.
As IOSCO’s role is to make recommendations for governments to implement around the world, regulators are sure to take note.
“There is definitely reason to believe that papers such as this will find their way into how Europe, Asia-Pacific and the US will ultimately frame the missing pieces to their regulatory parameters, especially around DeFi,” Voloder said.