CFTC’s first-of-its-kind report on DeFi asks for policymaker scrutiny

In a new and significant development within the financial regulatory landscape, the CFTC has decided to focus on the decentralized finance (DeFi) marketplace.

The commodities and derivatives regulator issued a report on Monday that focuses on DeFi and states that policymakers need to look at ways of identifying the individuals involved in decentralized finance.

The objective is to guide regulatory authorities in formulating policies that ensure investor protection and market integrity while fostering innovation, the report’s authors note.

This move is part of a broader effort to understand and regulate emerging digital asset sectors, which have seen rapid growth and increasing complexity, and a number of enforcement actions — some of them emanating from CFTC.

Privacy versus accountability

Policymakers need to identify and prioritize projects of greatest concern and focus on digital identity, know your customer (KYC) and anti-money-laundering (AML) regimes as well as calibration of privacy in DeFi, the report’s authors say.

The CFTC notes that DeFi is not immune to regulatory scrutiny, particularly because of the widespread use of pseudonyms to hide users’ identity and the decentralized nature of the industry – which makes it hard to assign responsibility to anyone in particular. Without a traditional centralized governance mechanism, questions about responsibility and accountability have arisen when it comes to the DeFi market.

CFTC Commissioner Christy Goldsmith Romero
Christy Goldsmith Romero. Photo: CFTC

“The pseudonymity and disintermediation provided in most DeFi systems presents serious concerns for policymakers focused on ensuring AML and countering financing of terrorism (AML/CFT) regimes are effective and provide appropriate protections and victim recourse for consumers,” the report said.

“A central concern related to DeFi systems is the lack of, and some industry designs to avoid, clear lines of responsibility and accountability,” Christy Goldsmith Romero, one of the five CFTC Commissioners, said in a statement accompanying the report.

Goldsmith Romero is the sponsor of the CFTC’s Technology Advisory Committee, whose subcommittee produced the report. The subcommittee is made up of government officials, Wall Street executives, crypto executives and academics.

DeFi has “no clear route to ensuring victim recourse, defense against illicit exploitation, or the ability to insert necessary changes and controls during periods of crisis and network stress,” she said.

Although the CFTC report acknowledges potential “undesirable privacy violations” when evaluating options for identification requirements in DeFi, it ultimately concludes that some encroachment on pseudonymity may be necessary.

This suggests that the regulator seeks to remove at least some layers of the anonymity inherent in decentralized finance, despite industry objections over privacy rights. Policymakers would need to balance these privacy concerns against the need for greater transparency and accountability.

Blueprint to mitigate risk

Goldsmith Romero, sponsor of the CFTC’s Technology Advisory Committee, issued a statement on Monday about the DeFI report in which she laid out the blueprint of actions the report recommends to mitigate risks to investors, consumers, market integrity, financial stability, and to combat illicit finance. Those actions include:

  • increasing the understanding of DeFi; map interconnections and threat vectors; developing continuous data gathering, monitoring, information sharing, and regulatory partnerships;
  • surveying the existing regulatory perimeter to determine whether DeFi products and services are within the US financial regulatory perimeter; assessing the level of compliance; and identifying regulatory gaps;
  • assessing risks posed by asymmetric information and conflicts of interest; operational, technical and security vulnerabilities; liquidity and maturity mismatches; algorithmic discrimination; market manipulation; reliance on key service providers; illicit finance, and other risks;
  • evaluating the range of potential requirements to address risks, including disclosure, regulatory reporting, third-party auditing, entry restrictions, regulatory supervision, governance regulation, conduct regulation, and resolution planning;
  • fostering greater engagement and collaboration with domestic and international standard setters, regulatory efforts and DeFi builders. 

DeFi and ongoing scrutiny

The promise of DeFi partly revolved around being middlemen-free, as its automated code guides consumers and investors through the markets, offering a potentially cheaper and more efficient alternative to traditional models of finance.

The industry has largely avoided the brunt of US crypto policy debates, but it faces new scrutiny as concerns about criminal activity (thanks, in part, to the lack of such gatekeepers) mount.

In September, three DeFi companies agreed to settle charges filed by the CFTC that they illegally offered derivatives trading in cryptocurrency.

The CFTC said the companies, Opyn, ZeroEx, Deridex, illegally offered leveraged and margined retail commodities transactions in cryptocurrency. Deridex and Opyn were also charged with failing to register with the CFTC for digital asset derivatives trading and to have the know-your-customer programs that are required under the Bank Secrecy Act, the money-laundering law applicable to many financial services firms, including future commission merchants.

“A central concern related to DeFi systems is the lack of, and some industry designs to avoid, clear lines of responsibility and accountability.”

Christy Goldmsith Romero, CFTC Commissioner

In June, Ooki DAO was ordered to pay a $643,000 fine and shut down operations after a US judge ruled in favor of the CFTC in a precedent-setting decision that has implications for the regulation and oversight of decentralized autonomous organizations, or DAOs.

The CFTC hailed the victory as “a precedent-setting decision,” with the court declaring that the Ooki DAO is a “person” under the Commodity Exchange Act and can thereby be held liable for law violations.

The US Treasury Department called for changes to anti-money-laundering and terrorist finance rules last year to to address such issues in the DeFi space, noting that such systems were being used by a number of domestic and foreign cybercriminals.

Senators Jack Reed (D-RI), Mark Warner (D-Va.), Mitt Romney (R-Utah), and Mike Rounds (R-SD) introduced legislation last year targeting DeFi exchanges.