Recently, I had the privilege of presenting to the Financial Action Task Force (FATF) on why its updated guidance regarding decentralized finance is not technologically appropriate for the industry.
Rebecca Rettig is general counsel at the Aave companies, the software development team that developed the Aave protocol. She will be speaking at Consensus by CoinDesk, our virtual experience May 24-27. Register here.
According to the FATF, the guidance was intended to provide additional “instruction” in light of the ongoing changes in technology in the blockchain and cryptocurrency space. Although the FATF said it does not intend to broaden the existing definition of virtual asset service provider (VASP) from its original guidance, the latest draft appears to vastly expand who or what may be included. More individuals and entities could be VASPs. And there may be individuals subject to the compliance requirements for running DeFi protocols (unlike today).
That expansion will capture numerous individuals and entities associated with the decentralized finance (“DeFi”) ecosystem. But adopting the guidance in its current form will capture actors who have little to no involvement in the financial transactions that occur on DeFi protocols.
Not only is that detrimental to the growth of an open and transparent financial system, but it is not proportionate to the money laundering and terrorist financing concerns based on available data.
In my presentation, I argued that rather than adopting the guidance in its current form, the FATF should adopt the following three interim steps toward achieving guidance that properly “plugs in” to the DeFi technological infrastructure: The FATF should take additional time for consideration of guidance that is aligned with the reality of DeFi technology and ecosystem; it should collaborate with industry participants and should realize that existing, native anti-money laundering (AML) and terrorist financing (CFT) compliance solutions could be enhanced to offer a path forward.
To understand why the guidance as drafted could cause irreparable harm to the DeFi industry, it is important to understand the meaningful differences between DeFi and the traditional financial system. Those differences require a fundamental paradigm shift in how we think about regulation and the monitoring of DeFi transactions.
In essence, there are five qualities of DeFi protocols that make them distinct from traditional financial systems – and more akin to the blockchains upon which they are built (and which FATF recognizes are not VASPs).
It is clear from these characteristics that DeFi protocols are as “decentralized” as the blockchains upon which they are built.
In a truly decentralized system, it is not the software developers who built the protocol who make the decisions about the growth and development of the protocol. Unlike traditional finance where control is concentrated in one body, “decentralization” occurs where software empowers a community of users, developers and other entities interacting with the protocol to update or amend various parts of the protocol. This system of control by users is known as “decentralized governance.”
Decentralized governance allows for more secure systems, where users have a stake in seeing the system grow, and meets the needs of individuals everywhere in the world. In this context, these protocols are similar to the Internet Protocol and the Hypertext Transfer Protocol – IP and HTTP – which nobody controls and anyone can use and whose technical decisions are made by consensus.
The transparency of DeFi protocols addresses the AML/CFT concerns underlying the FATF’s proposed guidance. Preventing money laundering and terrorist financing is critical as we progress in the development of the DeFi space. But the inherent features of DeFi and the existing compliance solutions are already addressing such concerns.
A report issued by Chainalysis found that illicit virtual asset transactions make up only 1.1% of total virtual asset transactions. The same report, however, recognized that the transparency of blockchains also allowed law enforcement greater insight into cryptocurrency transactions, including money laundering.
In 2019, former U.S. Commodity Future Trading Commission (CFTC) Chairman Christopher Giancarlo discussed the 2008 financial crisis and recognized the benefits of the transparency of the “real-time trading ledger” of blockchain.
“In short, what a difference it would have made a decade ago if Blockchain technology had been the informational foundation of Wall Street’s derivatives exposures. At a minimum, it would certainly have allowed for far prompter, better-informed, and more calibrated regulatory intervention instead of the disorganized response that unfortunately ensued,” he said.
While in private practice, I experienced firsthand the “better informed” regulatory intervention Giancarlo envisioned. In interacting with law enforcement and regulators in a variety of contexts, I was able to demonstrate that given the transparency of blockchain and the DeFi protocols built upon that technology, law enforcement and regulators had the exact same information about transactions on a DeFi protocol as the companies that built the protocols. In these situations, law enforcement is often able to obtain more information than they would have in the traditional financial system.
Rather than starting with the premise that DeFi is working toward a greater good – a more transparent, efficient and inclusive financial system – the proposed FATF guidance reads as if the FATF has concluded DeFi is “guilty” or primarily built for criminals. That is wrong, and akin to the assumption made 25 years ago about the internet, when U.S. regulators almost strangled the internet in its cradle in order to target online pornography.
Beyond the presumption of guilt being factually incorrect, adopting the expansive definition of VASP in the proposed guidance would undermine the benefits of DeFi by stifling innovation, slowing economic growth, suppressing financial inclusion and perpetuating the wealth gap.
In addition, the presumption of guilt discourages collaboration from or with even the most willing industry participants. But collaboration is precisely what we need to continue to grow this new financial system while ensuring that AML/CFT compliance solutions “plug in” to the technology appropriately.
The proposed guidance reads as if we cannot have a financial system or a financial transaction without an intermediary. Thst sets a dangerous precedent: It sends the message that innovation is unwelcome unless it can be understood and regulated exactly as it is today.
The presumption of “guilt” is particularly troubling given the fact that developers of and participants in DeFi protocols have been developing solutions to AML/CFT as the DeFi ecosystem itself develops. These native compliance solutions account for the reality of blockchains and DeFi protocols: They “plug in” to them correctly, they account for the ways in which the software can be accessed, and they are building with the software rather than against it.
Some examples of the types of solutions that mimic the monitoring the proposed guidance seeks to promulgate are:
The current AML/CFT solutions in DeFi are robust and continuously getting stronger, especially considering that DeFi is a nascent, emerging financial system.
We need to embrace the benefits of AML/CFT regulations, but the proposed guidance will not provide such benefits and will simultaneously impose significant burdens (most of which cannot realistically be implemented) on this new financial system.
How do we do this effectively? The only way to determine that is through additional time to develop a system of regulation that accounts for the realities of DeFi technology through collaboration with dedicated actors in the DeFi space and by leveraging existing compliance solutions.