CFTC Tech Advisory Committee’s DeFi report: key takeaways for DeFi builders and innovators

A nuanced, and remarkably technical, report from the CFTC’s Technology Advisory Committee (TAC) approaches decentralized finance (DeFi) as a promising and, in some respects, inevitable technology that presents novel but manageable risks for users and government.

The TAC serves the CFTC’s Digital Assets and Blockchain Technology Subcommittee, which is chaired by CFTC Commissioner Christie Goldsmith Romero and features an impressive roster of industry experts and current and former government officials. The TAC’s 79-page report encourages engagement among industry and government to mitigate DeFi’s risks and prevent flight from the US of DeFi innovators whose technology has the potential to enhance financial inclusion while complementing a safe and robust financial system.

Here, we review the high points of the report, then offer six takeaways for DeFi builders and innovators.

DeFi’s “promising opportunities”

The report begins with the lofty premise that DeFi seeks to “achieve a financial system running on self-executing computer code, available to anyone on the planet with a computer and internet connection,” but acknowledges that many DeFi protocols fall short of this vision. The TAC observes that DeFi occupies a spectrum of decentralization, security, transparency, privacy, interoperability, and regulatory compliance. To appropriately regulate these systems, the TAC advises policymakers and consumers to cultivate a deep understanding of the ways they work and where they fall on the spectrum.

What is DeFi? Five “functional dimensions”

The TAC report attempts to demystify DeFi by framing it as simply the latest evolution in a long tradition of disaggregating economic functions.

Because DeFi continues to evolve, the TAC suggests that at present a single fixed definition of DeFi would be unworkable. Instead, it offers a functional definition: DeFi, the report says, is “characterized by highly automated financial networks that have no single point of failure, do[es] not rely on a single source of information, and [is] not governed by a central authority that is capable of altering or censoring this information in order to perform tasks central to delivery of one or more financial services.” This definition elucidates the “decentralized” element of DeFi, but the TAC emphasizes that DeFi projects exhibit decentralization across a variety of dimensions that policymakers need to understand.

To help with this, the TAC suggests five “functional dimensions” across which policymakers can evaluate how decentralized a particular DeFi system actually is. These are:

1. Access: What barriers to access exist for users?
2. Development: Is development performed by a small team or independent anonymous developers?
3. Governance: How much discretion is allocated to humans, and how many?
4. Balance sheet: To what degree are assets held in automated protocols from which users can freely retrieve their assets?
5. Operational: Are operations like software design, maintenance, compliance, and others outsourced by the DeFi system?

According to the TAC, DeFi systems employ various technologies to achieve these dimensions of decentralization, such as decentralized autonomous organizations (DAOs) for decentralized governance, or smart contracts and decentralized apps (DApps) to automate asset distribution. To understand what DeFi is, therefore, policymakers must grasp how each of these technologies contribute the decentralized element of DeFi.

To put all this in concrete terms, the TAC suggests that DeFi may one day offer users more efficient access to stocks, derivatives, bonds, lending, borrowing, and even life, property, and health insurance. And the TAC describes some of what DeFi has already accomplished – for instance, digital wallets, cross-border payments, consumer lending and credit, and even what the TAC terms “RegTech,” which the authors describe as enabling DeFi projects to comply with regulatory obligations while simultaneously protecting user privacy.

The government’s seven core policy objectives

The report identifies a wide range of objectives that policymakers may wish to apply to DeFi, but encourages them to treat seven objectives as core touchstones:

1. Protecting investors and consumers from outright scams, negligence or malfeasance of human intermediaries, and inherent risks
2. Promoting market integrity
3. Ensuring micro-prudential safety and soundness, meaning regulations targeting centralized intermediaries where they are part of and/or have touchpoints with a DeFi system
4. Maintaining US and global financial stability and mitigating systemic risks
5. Expanding access to safe and affordable financial products and services
6. Combatting illicit finance
7. Reinforcing US leadership and competitiveness in finance and technology

The report then describes how DeFi systems may both further and frustrate these policy objectives. For example, DeFi systems that offer fast, cheap cross-border payments without a bank account dismantle barriers to financial access and inclusion, but may also undermine efforts to police illicit finance.

How should policymakers proceed?

After addressing the possibilities of DeFi and defining the government’s policy objectives, the report provides a roadmap for policymakers to approach regulation of DeFi. The report’s core recommendation is that policymakers should deeply engage with DeFi. This process would begin by mapping where and how DeFi falls within the subject matter and geographic jurisdiction of existing regulation. Policymakers can then evaluate where and how to expand the “regulatory perimeter.” However, the report cautions that policymakers should carefully consider feasibility, proportionality, usefulness, and cost when designing regulations – features that, the report implies, were not always top of mind in recent attempts to regulate aspects of DeFi.

Policymakers should then consider how to best leverage the technological features of DeFi to support regulatory compliance and security controls throughout a DeFi system. The report identifies eight “Layers” that regulations could hypothetically target, among them governance, physical hardware, and user information. The TAC suggests that policymakers could treat these “Layers” as levers that can be pulled to achieve various policy objectives. Pulling a lever could range from simple disclosure requirements to full-blown structural regulation.

One particularly tricky feature of DeFi that the report recognizes is how to identify responsible entities or personhoods. The TAC acknowledges that “a future financial system in which no persons or entities are held responsible for their actions – is neither feasible nor desirable.” Nonetheless, the report stops short of suggesting a model for identifying responsible persons in a sufficiently decentralized DeFi system.

The report also cautions against applying outmoded regulations designed for “antiquated” technologies to DeFi. For example, because DeFi transactions involve a public traceable ledger and no custodial money transmitter, the report observes that DeFi transactions lack many of the risks of wire transfers or cash transactions. Thus, the report advises against applying the same regulations to DeFi transactions.

Finally, the report suggests that, in keeping with the government’s historic support of innovation, policymakers should go beyond a merely regulatory approach, striving to accelerate DeFi efforts and encourage safe experimentation through research and development grants and the use of “regulatory sandboxes” which offer limited safe harbors for DeFi builders. The report further says the current nature of engagement between the government and the private sector on DeFi is “not constructive,” and instead encourages participation in robust and constructive dialogue. It also recognizes the need for industry to foster this dialogue and take responsibility for building compliance into systems at an early stage.

Key takeaways

• CFTC’s Technology Advisory Committee takes a refreshing and nuanced view of DeFi that gives equal airtime to DeFi’s risks as well as its benefits and promises.
• The report advises policymakers to deeply study the many dimensions of DeFi before embarking on regulatory endeavors; no one-size-fits-all approach can effectively achieve the government’s policy objectives, particularly given the layers of technical complexity native to DeFi.
• The report identifies several policy objectives applicable to DeFi systems, including maintaining US leadership and competitiveness, and suggests a framework for furthering objectives through thoughtful regulation.
• Novel risks require new regulatory strategies: the report warns against targeting “antiquated” risks which may inadvertently box in regulation and compliant innovation by modern DeFi systems.
• The current tenor of dialogue between government and DeFi industry players is “not constructive.” The report advises both sides to foster better understanding and collaboration.
• At an early stage, DeFi builders and innovators – and their investors – should consult with experienced counsel and carefully consider the challenges and opportunities of entering the US market, including building compliance into their systems and products and having constructive engagement with regulators.

DLA Piper boasts award-winning and nationally recognized blockchain and cryptocurrency and white-collar defense and global investigations practices with former federal prosecutors and regulators. Please reach out to any of the authors or your DLA Piper contact with any questions.