The DeFi Regulation Void: Decentralization Vs. Investor Protection


Decentralized finance, commonly referred to as DeFi, saw significant growth in the second quarter of 2020. Daily transaction volumes hit an all-time high of $608 million on June 21. The total USD value locked in DeFi reached $1.95 billion in Q2 2020, a quarterly growth of 311%. And since July, that value has surged to $2.83 billion.

While much of the DeFi-related focus has been placed on the rise of Compound and the surging volumes on decentralized exchanges, not a lot has been said about the development of regulatory frameworks for the emerging industry niche. With that in mind, OKX Insights examines the regulatory environment for crypto-lending platforms and decentralized exchanges. 

The key differences between centralized and decentralized crypto-lending platforms

Loan transactions in the crypto-lending market reached $8 billion in Q4 2019, up 700% from 2018. The sum, however, remains small when compared to the traditional lending market, which boasts an annual transaction volume of $85 billion. Still, the crypto-lending market is rapidly gaining traction, and both centralized and decentralized lending platforms are the key players in the nascent industry.

Centralized crypto-lending platforms, such as BlockFi and Celsius Network, are similar to traditional financial service companies insofar as they retain full control when matching and executing loan requests between borrowers and lenders. The activities of centralized crypto-lending platforms include safekeeping clients’ assets and determining the interest rates of crypto assets.

Conversely, decentralized crypto-lending platforms make use of smart contracts to remove the need for centralized third parties to act as middlemen. Smart contracts are used for executing loan transactions, determining interest rates for crypto assets and storing the collateral for both lenders and borrowers. Compound and Maker are two examples of decentralized crypto-lending platforms.

There are four key differences between centralized and decentralized crypto-lending platforms: 

  • Custody
  • Governance
  • Compliance
  • Profit model

Centralized platforms are custodial

Centralized crypto-lending platforms are custodial, which means that users’ collateral is kept by the lending platform or a third-party custodian. From the lender’s perspective, it is the platform’s responsibility to mitigate counterparty risk. Lenders assume that the platform can safeguard their assets and ensure the borrower repays the loan on time.

BlockFi is one notable example among custodial crypto-lending platforms, as client assets are deposited with a third-party custodian. When users send their collateral to BlockFi, it is then transferred to a cold storage system provided by Gemini, a regulated cryptocurrency exchange, wallet and custodian. Borrowers cannot access the collateral until they have paid off their loans.

A regulated, centralized crypto custodian provides additional investor protections for users. In the case of BlockFi, Gemini (i.e., the custodian) obtained a trust license from the New York State Department of Financial Services — a requirement to be compliant with specific capital reserve needs and banking compliance standards under §100 of the New York Banking Law. 

Decentralized platforms are non-custodial

On the other side of the spectrum, decentralized lending platforms are non-custodial, meaning they don’t have direct access to user funds. Borrowers and lenders in DeFi lending platforms rely on smart contracts to minimize counterparty risk — they trust that said smart contracts can execute loan transactions without any technical glitches or exploitable loopholes. 

The current leader in decentralized finance, Compound, is an example of a non-custodial lending platform. Users supply collateral to borrow other crypto assets. The collateral is represented by a smart contract called cToken — which is stored and managed by Compound users themselves rather than by the Compound team or third-party custodians.

Who governs a decentralized lending platform?

The difference in the approach to governance between centralized and decentralized lending platforms can be reflected by the purpose of the platforms’ native tokens.

The governance of centralized lending platforms is, generally speaking, controlled by the core development team. The platform’s native tokens are awarded to users primarily for transactional purposes. In the case of Celsius Network, its native token, CEL, allows users to issue loans, collect interest and lend cryptocurrencies. Payment platform’s native token, CRO, also serves as a means of payment and settlement on the company’s native blockchain. 

The native tokens of decentralized lending platforms, on the other hand, allow users to participate in the governance process of the platforms. The primary example would be Compound, which allows users to vote on governance proposals using the protocol’s native token, COMP. For example, token-holders recently voted to increase the collateral factor of WBTC from 0% to 40% — allowing users to loan WBTC while using 40% of its value as collateral.

Centralized crypto-lending platforms are more compliant

When it comes to compliance, centralized crypto-lending protocols have stricter requirements — particularly to comply with existing Know Your Customer and Anti-Money Laundering regulations in jurisdictions where they operate — than decentralized lending protocols. For example, to abide by KYC/AML procedures when applying for a loan, BlockFi users must disclose their personal information — including their social security number, wallet public keys and bank information.

Conversely, KYC/AML procedures are typically not required for users on decentralized crypto-lending platforms. Kristi Swartz, managing partner at Swartz, Binnersley & Associates, uses Compound as an example to express her concerns about the lack of investor protection for users of decentralized lending platforms. She told OKX Insights: 

“One disadvantage of decentralization is that investor protection becomes much harder as traditional tools, such as circuit breakers, are not available. Compound, which automatically sets interest rates based on supply and demand, is partially able to achieve stability. However, it may not be enough. By analogy, the central banks do not and cannot rely on interest rates alone to achieve financial/monetary stability.”

She also commented on the possibility for some compliance measures for investor protections to be written into the protocol’s smart contracts:

“As human intervention is minimal in DeFi — or, at least, it is supposed to be — any measures must be coded into the protocol itself. Examples could include more stringent risk management policies or requirements to take into account the lack of credit scoring and lower level of human supervision.”

How do crypto-lending platforms make profits?

When comparing centralized and decentralized crypto-lending platforms, an obvious question that arises is that of profit models.

Similar to traditional lending platforms, centralized crypto-lending platforms primarily use a profit model that is based on the interest-rate spread — i.e., the difference between the interest rate received from borrowers and the interest rate paid to lenders. A higher interest-rate spread indicates higher profitability.

Additionally, traditional financial institutions are emerging clientele for centralized lending platforms. For example, BlockFi offers services to institutional lending desks and provides liquidity to institutional borrowers. Celsius Network is also seeing increased institutional demand. Alex Mashinsky, the company’s CEO, said in an interview in March that on the Celsius Network, “close to 100% of the borrowers are institutions.”

On the other hand, decentralized lending platforms are not profit-generating by nature. However, those who hold the platform’s governance token, in theory, will profit from the platform’s use. Maker, the second-largest decentralized lending platform, earns revenue from stability fees and liquidation penalty fees. The revenue is then redistributed to holders of the Maker token, MKR, which is used to build price oracle infrastructure and support collateral risk management research.

Centralized and decentralized cryptocurrency exchange regulation

Apart from crypto-lending platforms, the regulation of decentralized cryptocurrency exchanges — commonly referred to as DEXs — is another important indicator of the sustainable development of DeFi.

While there is no global consensus when it comes to the regulation of cryptocurrency exchanges in general, the United States has proven to be one of the more inflexible regulators and active enforcers in the space. In a sense, U.S. regulations can serve as a bellwether for many other nations to follow. 

How the United States views centralized and decentralized exchanges

The U.S. Securities and Exchange Commission, as the regulator of securities trading in the country, first applied crypto-related rules pertaining to the hack of a decentralized autonomous organization called The DAO in June 2016, in which 3.6 million ether (about $44.6 million at the time) was stolen from the platform. In its report of July 25, 2017, the SEC stated that if a trading platform is operated as an exchange and offers digital assets that are securities, it needs to register with the SEC as a national securities exchange (or meet the requirements to be exempt from registration) in order to comply with federal securities law.

Jay Clayton, the chairman of the SEC since 2017, noted in a statement from November 2017 that market participants, including exchanges, should not undermine AML or KYC obligations for any cryptocurrency activities conducted. He stressed that exchanges should treat payments and transactions in cryptocurrencies the same way as cash transactions.

Clayton then released testimony in February 2018 that expressed his concerns regarding cryptocurrencies. The SEC chairman noted that trading platforms listing tokens sold in initial coin offerings did not provide appropriate investor protections in line with transacting through broker-dealers on registered exchanges or alternative trading systems. These investor protections include best execution, short-sale restrictions, prohibitions on front running, and custody and capital requirements.

The SEC then released a statement in March 2018 regarding exchanges that trade digital assets — reminding them that they do not have the same standards of integrity as a registered national securities exchange. 

EtherDelta: The landmark ruling on decentralized exchanges

Decentralized exchanges, for their part, first came under the regulatory spotlight with the SEC’s ruling on EtherDelta — a landmark decision in the history of DEX regulation.

EtherDelta is a decentralized exchange offering ether and ERC-20 token trading. After two years of operation, founder Zachary Coburn was charged by the SEC with operating an unregistered exchange — the first case of such enforcement against decentralized exchanges. Coburn consented to the order and agreed to pay $300,000 in disgorgement, $13,000 in prejudgment interest, and a penalty of $75,000. 

The key question in this ruling revolved around whether or not EtherDelta offered securities trading and, as a result, needed to register with the SEC to serve U.S. users.

EtherDelta offered securities trading

In the SEC’s aforementioned report on The DAO, the regulatory body referred to the Howey Test to determine whether digital tokens — or any asset for that matter — are securities. The Howey Test lists three key criteria:

  1. The investment of money
  2. Common enterprise
  3. Reasonable expectation of profits derived from the effort of others

In the EtherDelta ruling, the SEC first identified the time frame during which Coburn founded and operated the exchange as the relevant period — from July 12, 2016 to Dec. 15, 2017. During the relevant period, the regulator concluded that there were more than 3.6 million buy and sell orders of ERC-20 tokens. Approximately 92% were traded during the period after the SEC released The DAO report.

In regard to the ERC-20 tokens offered by EtherDelta, the SEC ruled that users purchased certain ERC-20 tokens with a reasonable expectation of profiting. Such expectations came from the operational effort by Coburn, where users expected an increase in the value of their investment in secondary trading. 

For instance, Coburn provided frequent updates to EtherDelta’s users via Twitter and Reddit, which users may have utilized in an effort to make more informed decisions when trading ERC-20 tokens on EtherDelta. 

This expectation of profit from EtherDelta’s users is consistent with the third requirement under the Howey Test. However, the SEC did not specify which ERC-20 tokens offered in EtherDelta met the definition of securities.

EtherDelta met the definition of an exchange

The SEC concluded that EtherDelta met the definition of an exchange and that at least some of the tokens traded on it could be considered securities. As such, EtherDelta was required to register as a national securities exchange, pursuant to Section 5 of the Exchange Act.

To assess whether EtherDelta met the definition of an exchange, the SEC used a functional test under Rule 3b-16(a) of the Exchange Act. In the application of the test, the SEC found that EtherDelta used its order book to gather trading orders of multiple buyers and sellers. Furthermore, the platform leveraged its website, order book and pre-programmed trading protocols as established and nondiscretionary methods for users to trade during the relevant period. 

As such, EtherDelta met the two criteria set in the functional test and, therefore, met the requirements to be considered an exchange under Section 3(a)(1) of the Exchange Act.

Coburn’s action on EtherDelta led to violation of the Exchange Act

Though EtherDelta was required to register as a national securities exchange to stay compliant, Coburn did not do so during the relevant period. According to the SEC, this led to a violation of Section 5 of the Exchange Act. 

As the founder of EtherDelta, Coburn was responsible for writing and deploying the platform’s smart contract on the Ethereum blockchain. As Coburn had complete and sole control over EtherDelta’s operations, the SEC stated that he should have known the failure to register as a national securities exchange would lead to the violation.

Smart contract regulation remains limited

While the EtherDelta ruling serves as a landmark and potentially precedential court decision for approaching decentralized exchanges, existing regulation has limited applicability to protect investors from smart contract vulnerabilities. 

In her conversation with OKX Insights, Kristi Swartz explained the key obstacles to regulating smart contracts — and specifically, potential implications for the developers behind them. She stated:

“At the heart of a smart contract, there is, by legal definition, a contract — even though it appears to be wearing a new outfit. The terms of the smart contract form the legal agreement between the two parties. That being said, consideration should be made as to whether the developer of the smart contract should also be liable.” 

According to Swartz, determining liability when it comes to smart contracts is a complicated matter. Whereas a law firm may be sued for the negligent drafting of a traditional contract, it isn’t entirely clear who assumes the risk for a potentially exploitable smart contract.

Furthermore, determining which regulatory body should have authority over smart contracts is another issue entirely. Swartz explained:

“Similarly, consideration should be given as to governance — which regulator may be involved, which governing law does the contract rely on? Regulations may only have limited protection for smart contract vulnerabilities. Parties will still need to do their own due diligence on the smart contract in order to determine that it is fit for purposes. As the Latin phrase goes, ‘caveat emptor’ — buyer, beware!”

The FATF’s recommendation on cryptocurrency exchanges

Apart from the United States, other countries and organizations are actively exploring the regulation of cryptocurrency exchanges. One notable example is the intergovernmental body the Financial Action Task Force.

In June 2019, the FATF released an updated recommendation on international standards to combat money laundering and terrorist financing. In particular, it issued an “Interpretive Note to Recommendation 15 on New Technologies” to further clarify how the FATF requirements should apply to virtual asset service providers, such as cryptocurrency exchanges. As defined by the regulator, VASPs include fiat-to-crypto exchanges and crypto-to-crypto exchanges. Whether the exchange is centralized or decentralized is, evidently, outside the scope of the FATF’s recommendations.

The core piece of regulation extended to cryptocurrency exchanges related to the FATF is Recommendation 16 — commonly known as the “travel rule.” As originally applied to traditional banks, the travel rule now requires cryptocurrency exchanges to collect and share customer data pertaining to cryptocurrency transactions. The data includes the name and wallet address of the originator and beneficiary, as well as the sender’s address and proof of identity. Cryptocurrency exchanges need to ensure that the information of the sender and receiver in each transaction is recorded and made available upon request to relevant regulatory authorities.

What’s missing in DeFi regulation?

Despite the recent popularity of Compound and decentralized exchanges, the DeFi sphere is still in its infancy — particularly in regard to regulatory compliance. 

One of the reasons DeFi currently has so few specific regulations applied to it is simply due to the fact that regulators have a limited understanding of the DeFi ecosystem. Swartz told OKX Insights that she believes regulators are taking a reactive approach to DeFi regulation rather than a proactive one. She explained:

“By its very nature, DeFi is designed to be permissionless and, currently, operates within the ‘grey’ area of the financial industry — which, as we know, is a highly-regulated market. Currently, DeFi operators seem to have an unspoken ‘code of conduct’ in which they are good players in the space. Regulators are clearly watching the space carefully and, as we know, are reactive in approach rather than proactive. One transaction could topple the apple cart, so to speak.” 

Swartz then identified the missing pieces in the DeFi regulation puzzle — namely, the scale of the oversight and the treatment of both DEXs and stablecoins. She explained to OKX Insights:

“With respect to regulation as a whole, in my opinion, this needs to be considered with a broad brush and the first step is to identify whether the space should have local or global oversight. The question is, then, which prudential authority should regulate which aspect of DeFi — which will, in turn, require consensus on the framework. For instance, should a DEX be regulated by a securities and futures regulator? Should stablecoins be regulated by the central bank?”

For Swartz, there needs to be a correct balance between innovation-stifling over-regulation and high-risk under-regulation. “There needs to be sophisticated legislation brought into play to provide ample consumer protection, governance and guiding principles to operators who wish to leverage this space honestly,” she said.

Jake Chervinsky, general counsel of Compound, shared a similar sentiment when he told OKX Insights that regulators should allow ample room for DeFi to grow. “It’s too early to say whether any new regulations are needed to address DeFi protocols or tokens,” he explained. “DeFi has just barely started to emerge as an exciting use case for digital assets. It would be a mistake to rush new regulations before the space has time to develop.”

Disclaimer: This material should not be taken as the basis for making investment decisions, nor be construed as a recommendation to engage in investment transactions. Trading digital assets involves significant risk and can result in the loss of your invested capital. You should ensure that you fully understand the risk involved, take into consideration your level of experience and investment objectives, and seek independent financial advice if necessary.
