2023 April - Initial thoughts on DeFi regulation

I was recently asked for my thoughts on the fundamental questions and issues relevant to the regulation of DeFi - under existing law or for a bespoke regulatory framework. This request came from industry due to the current work and reports on the regulation of DeFi due from IOSCO by the end of 2023 and the European Commission by the end of 2024. I make these thoughts public so as to encourage robust discussion on this topic in the lead up to industry’s efforts to respond to IOSCO and the European Commission.

My thoughts are prepared having regard to several pieces of policy work including:

  1. IOSCO Crypto-Asset Roadmap for 2022-2023 available here, which sets out the high level requirements of the workstream on DeFi, with a consultation paper to land soon (April/May 2023) and report due at the end of 2023

  2. European Commission’s work to produce a report on DeFi before the end of 2024 as mandated by the MiCA Regulation

  3. European Commission, ‘Decentralized Finance: information frictions and public policies, approaching the regulation and supervision of decentralized finance’, (June 2022), available here

  4. IOSCO, ‘Decentralized Finance Report, Public Report’ (March 2022), available here

  5. Financial Stability Board, ‘Assessment of Risks to Financial Stability from Crypto-assets’ (February 2022), available here

  6. Australian Securities and Investments Commission, ‘Regulating complex products’ (January 2014) available here

Fundamental questions

  1. What consumer-level harms are sought to be addressed by existing financial services laws and current definitions of regulated ‘financial products’ and regulated ‘financial services’?

    Existing financial services laws seek to protect investors from detriment or the likelihood of detriment because of:

    • ‘financial products’ and ‘complex financial products’, the risks of which investors may not understand because of:

    -lack of experience with same or similar products; and/or

    -lack of appropriate disclosure (pre- and post-sale); and/or

    -lack of qualification processes to test an investor’s understanding of risks before they engage with the product; and

    • negligence (by requiring professionals with the relevant skills and expertise to design and distribute the financial product, as well as adequate resources to monitor use of the financial product, and a registration process to afford the regulator an opportunity to review the plan for compliance with existing law before the products are offered to the market).

  2. What are the reasons why DAOs have not complied with the abovementioned requirements of financial services laws?

    Arguably, the offering of financial products or complex financial products in analogue or digital or programmatic (i.e. smart contract) form does not change such harms that existing law seeks to protect against. However, to the extent an appropriately qualified independent third party can review the ‘compliance plan and quality of professional skills and experience’ then arguably the registration requirement is superfluous. Have DAOs been seeking out such review? If not, why not?

    DeFi application interfaces typically do not provide the same sort of disclosure or qualification processes to inform and test an investor’s understanding of risks before the investor engages with the product, nor does the interface or documentation typically describe in sufficient detail how the DeFi application has been developed and/or reviewed by professionals with the relevant skills and expertise to design and distribute the DeFi application (if the function of the DeFi application is analogised to its analogue equivalent). Easy-to-read blogs and video tutorials that teach how to engage with the DeFi application are often freely available and are arguably more informative and engaging than lengthy disclosure documents. However, these are often unofficial blogs and video tutorials made by people without financial services experience or qualifications, and their motivations for producing the content are not often clear.

  3. What market-level harms are sought to be addressed by existing financial services and markets laws?

    Note that existing markets laws seek to protect fair, orderly and transparent markets. Responsibility for supervising domestic markets is often shared between the financial services/securities regulator as well as each licensed market operator.

    Note: DeFi applications that facilitate the exchange of one crypto-token for another (whether fungible or non-fungible) are arguably markets worthy of supervision to ensure financial markets are fair, orderly and transparent. Since there is no legal person operator per se in a decentralised exchange (instead there can be many liquidity providers to each independent liquidity pool), it could be more appropriate to require a DAO-governed decentralised exchange to provide factory contracts that permit liquidity providers to set liquidity pool halt parameters (similar to market trading halt powers exercised by a market operator) in defined times of market distress. Arguably, the Uniswap v3 factory contracts allow for this but without specific mention that the setting of parameters should be undertaken with regard to circumstances beyond the investor and include market integrity. The Financial Stability Board could assist in the identification of potential systemic risk in the DeFi sector and the policy actions that could address these risks. See for example, FSB ‘Assessment of Risks to Financial Stability from Crypto-assets’ linked above.

  4. What are the reasons why DAOs have not complied with the abovementioned requirements to ensure fair, orderly and transparent markets?

    For example, why haven’t DAO-governed decentralised exchanges sought to develop their own version of a market operator policy? Whilst not a DEX, see, for example, Six Digital Exchange market policy documents here with nuances for their distributed ledger based exchange.

  5. Do DeFi applications constitute ‘complex financial products’? If so, what are the indicators of complexity?

    A complex financial product is one for which an investor cannot alone determine the level of risk they are exposing themselves to, and so cannot make an informed decision about engaging with the product.

    The democratisation of financial products and services through DeFi means that complex/structured financial products once only available to sophisticated investors are now ‘consumer products’. In addition, DeFi applications could facilitate ‘simple’ financial products but due to the use of smart contracts and DAO-governance there is perceived or actual technology complexity and technology risk for investors to understand.

    In DeFi applications, the indicators of complexity could source from:
    • the nature of the financial product (Is it collateralised lending (e.g. provide crypto-token collateral subject to liquidation if the price of the crypto-token declines to a known price, to receive loan proceeds denominated in another crypto-token)? Is it putting crypto-tokens to smart contract risk to earn a return (e.g. staker in a liquidity mining scheme that emits new crypto-tokens)? Is it putting crypto-tokens to trading risk to earn a return (e.g. liquidity provider in an exchange trading pool protocol)? Is it putting crypto-tokens to counterparty lending risk to earn a return (e.g. lender in a lending pool protocol)?);
    • the use of one or more smart contracts;
    • the use of one or more crypto-tokens;
    • the interaction with one or more other DeFi applications (DAO-governed or legal person-governed), which would indicate how exposed the application is to systemic or contagion risk from other DeFi applications failing;
    • the nascent and evolving nature of DAO governance; and
    • the number (and quality) of smart contract security audits and availability of a bug-bounty program.

    Arguably, further requirements are needed for the ‘technology complexity’ to facilitate the offering of financial products through DeFi applications to sophisticated investors who may have financial experience but not technology experience to adequately inform themselves of the risks.

  6. What are the harms arising out of DeFi applications – both at the consumer level and market level?

    The offering of financial products in programmatic form, and subject to DAO-governance, introduces new risks, both to the investor as well as to the market where the DeFi application is ‘systemically important’.

    Consumers or retail investors do not have the sophisticated understanding or experience to inform themselves of the risks, and how to manage such risks, of complex financial products. Nor do traditional sophisticated investors have the experience or understanding of nascent and evolving models of DAO-governance to inform themselves of the idiosyncratic risks.

    Policymaking, regulatory and supervisory resources should be applied as a priority to the most serious and most systemic actual and potential harms identified in responses to this question.

  7. Does DAO governance of a DeFi application pose additional risks or afford additional protections to investors and the market?

    What are the features and risks of DAO governance models that would help or hinder confidence in the quality and upgradeability of DAO-governed DeFi applications?

  8. Has the DeFi / DAO market attempted to mitigate or eliminate these harms? If so, how?

    The DAO Model Law was produced by COALA (Coalition of Automated Legal Applications) in 2021 to set minimum safeguarding standards for legal recognition of DAOs. Utah has recently passed legislation based on the DAO Model Law, and other jurisdictions are increasingly legislating their requirements for legal recognition of a DAO. See for example, Vermont BBLLC, Wyoming DAO LLC, and the Marshall Islands DAO LLC.

    There is still time for industry to step up and seek to comply where possible with existing laws. Through the regulatory interoperability working group that I coordinate, DAOstar is working on standards to improve the visibility of DAOs and how the technology can offer ‘technology protections’ that meet or exceed existing laws, as well as where there are outstanding ‘technology risks’.

  9. What role would regulation play in further mitigating or eliminating these harms, assuming that the policymaker’s objective is to require safeguards while encouraging innovation and reducing the regulatory burden for individuals, businesses and community organisations?

    Regulation could stipulate that regulatory equivalence is permitted and allow an amnesty period for DAO-governed DeFi applications to ‘come into compliance’. Simply, regulatory equivalence requires the same policy outcome but by different, more fit-for-purpose and nuanced, means.

  10. What are the idiosyncrasies of:

    • the nature of financial products and services facilitated by DeFi applications compared to financial products and services facilitated by clearly regulated legal persons; and

    • the nascent and evolving stage of DAO governance over DeFi applications versus the long-standing recognition of legal persons such as companies and trusts; and

    • the open-source nature of source code that makes up a DeFi application, which allows for independent third parties to use the code as is and without any warranties.

  11. How do these idiosyncrasies suggest existing law is ineffective or inappropriate to apply, and if so how would the same policy outcomes be achieved through different means?


Author: Joni Pirovich, Principal, Blockchain & Digital Assets Pty Ltd.

Acknowledgement: We acknowledge the Traditional Custodians of the lands we live and work on. We pay our respects to Elders past, present and emerging, of all First Nations peoples.

Content License: All rights are reserved in respect of this work. Blockchain & Digital Assets Pty Ltd grants a non-exclusive, royalty free license to use this work for the following purposes:

a) to read and discuss for educational purposes;

b) to copy and redistribute the work for educational purposes as long as appropriate attribution is made to the author and Blockchain & Digital Assets Pty Ltd; and

c) to sell the NFT collectible linked to this work if the holder no longer wishes to hold it as a collectible.

Other persons and DAOs (to the extent DAOs are not recognised as persons) are granted a non-exclusive, royalty free license to use this work for the same purposes as stated above.

Subscribing: By subscribing you will be prompted to enter your wallet address and email. This enables you to be notified via email when new entries are published. Support at mirror.xyz do not share your email address with us, only your wallet address and display name.

Collecting: By collecting a BADASL NFT you will be prompted to pay the collection fee which is inclusive of Australian Goods and Services Tax (GST) if you are an Australian resident or GST-free if you are a non-Australian resident. A tax invoice and receipt can be provided to you upon request to info@badasl.com. Each BADASL NFT is deployed on Optimism, an Ethereum Layer 2 network. No royalty has been set for secondary sales of NFTs so secondary sales are treated as a commercial exchange between the NFT holder and purchaser where the NFT holder is responsible for the legal and tax implications of resale while respecting the license rights. Blockchain & Digital Assets Pty Ltd reserves all rights to set a royalty on secondary sales.

Disclaimer: If you subscribe to BADASL, or pay to collect BADASL NFTs, all amounts received into the badasl.eth wallet will be treated as assessable income. You are responsible for seeking independent and professional legal and tax advice regarding your eligibility to subscribe to or collect BADASL NFTs and associated works. None of the content constitutes legal, tax, financial or security advice.
