During DC Fintech Week in Washington, DC last week, I moderated a conversation about how decentralized finance (DeFi) projects could comply with different regulations.
You’re reading State of Crypto, a CoinDesk newsletter that discusses the intersection of cryptocurrency and government. Click here to register for future editions.
the narrative
Are developers responsible for how their projects are used? Can they prevent criminals from using their projects? In other words, is regulatory-compliant decentralized finance an oxymoron?
Why is it important
The liability of developers for the use of their decentralized projects has already been the subject of multiple criminal cases in the US and elsewhere (see, for example, the cases against Tornado Cash developers Roman Storm and Alexey Pertsev). Without getting into the details of those cases, there is a broader general question about how much developers can do to prevent malicious actors from using their projects and to what extent regulators can design guidance for DeFi.
I had the privilege of discussing this with Maha El Dimachki, Singapore Center Director of the BIS Innovation Hub, Yaya Fanusie, Global Head of Policy at Aleo, and Lee Schneider, General Counsel at Ava Labs, during a panel at DC Fintech Week on Thursday.
breaking it
Compliance and decentralized finance inherently sound like a contradiction. Users should be able to use a truly decentralized protocol for any purpose, and project developers should not have any ability to interfere with these transactions. That’s at least one theory. Another is that developers should or should be required to prevent dangerous actors from taking advantage of their projects.
Developers could and should be able to incorporate certain tools or features to ensure compliance with certain regulations, although speakers on this panel seemed to agree, with certain caveats.
The biggest of these caveats is that we need to reach a specific consensus agreement on how we define compliance here.
Fanusie said he would describe developers’ obligations more as “risk management,” focusing on problems they might encounter (suspected money launderers or other malicious actors, for example).
Another way to describe this, Schneider said, is that neither developers nor regulators want users to lose their money (roughly paraphrasing his comments). In that sense, both parties here are aligned in their goals for DeFi.
And El Dimachki, who was previously at the UK’s Financial Conduct Authority, said outcomes-based policymaking, where regulators seek to prevent malicious activity, is the goal of how they might approach rules around DeFi.
There seemed to be general agreement among the panelists that there are steps developers can take to ensure they don’t run afoul of regulations, but as always, the devil is in the details.
Obviously this is an ongoing debate and I’m curious to know what you all think. I would love to hear your thoughts on the following questions:
- Is DeFi compliance an oxymoron?
- DeFi involves global projects. Is it even possible for a truly decentralized project to meet regulatory needs in all the jurisdictions in which it operates?
- If a project is decentralized and open source, what stops a malicious actor from creating their own interface and using a protocol for their own purposes? And should developers still have some kind of responsibility in that scenario?
Please feel free to respond to this newsletter or email me directly with your thoughts. I’d love to have a follow-up conversation at some point. And of course, I’d like to thank the good people at the Fintech Foundation for inviting me to be part of this conversation.
Wednesday
- 14:00 UTC (10:00 am ET) The House Financial Services Committee is scheduled to hold a hearing with federal banking regulators. This hearing was postponed Friday afternoon after House Speaker Mike Johnson announced that the House would remain in recess.
Thursday
If you have any ideas or questions about what I should discuss next week or any other feedback you would like to share, feel free to email me at [email protected] or find me on Bluesky @nikhileshde.bsky.social.
You can also join the group conversation on Telegram.
See you next week!
