DeFi Regulation: Practical Next Steps to Make the Industry Safer

How Decentralized Finance (DeFi) should be regulated is part of a broader debate about how we control technologies that operate without human intervention. There are similar deliberations around artificial intelligence (AI), as both represent paradigm shifts that will set lasting precedents for the future. The implications of how we regulate DeFi are incredibly nuanced and must be grappled with by industry, government, academia and civil society, and I am heartened to see that serious thinkers are beginning to put forward conceptual frameworks. 

But today, we don’t need to make perfect the enemy of good. There are steps we can take to make DeFi safer right now, specifically with basic AML/CFT standards and cybersecurity safeguards. 

First, government and industry must identify a shared baseline technical understanding of DeFi models, and their differences from centralized services. Second, government and industry should work together to identify “red line” risks that all DeFi projects should seek to mitigate. Private sector participation is key; builders and practitioners in the ecosystem are uniquely aware of their risks and are generally incentivised to address them. Collaboration on industry-wide minimum standards would provide a practical pathway toward oversight and compliance, and promote the development of high-quality DeFi applications and services that minimize harm and drive positive consumer outcomes.

The next step is to identify minimum standards and good practices. 

AML/CFT standards

Anti-money laundering and counter-terrorism financing standards are broadly accepted as the minimum requirements that existing and emerging forms of value transfer must uphold. Technology is available now to apply sanctions screening or address screening to DeFi. DeFi services could also consider different models to mitigate AML/CFT risks, such as whitelisting or blacklisting to manage access, or privacy pools. Many of these solutions are easy to implement and are practical in the short term to de-risk these protocols.

Cybersecurity safeguards

Together, regulators and industry can establish clear expectations for smart cyber-hygiene in the DeFi space. Already, industry has created solutions that help foster higher levels of security in the sector, including the development of tools providing visibility into smart contracts and their on-chain governance arrangements. In our 2024 Crypto Crime Report, we discuss how the decline in the hacking of DeFi protocols contributed to the overall 54% drop in stolen funds last year, but that total still stands at a staggering $1.1 billion.

Many in the industry have recognised the need for collaborative security standards that teams can use to assess their cybersecurity measures and identify potential vulnerabilities. These include smart contract audits, which are essential to reducing the prolific hacking of DeFi protocols. These audits can be augmented by running bug bounty programs or retaining incident response firms. Further, the REKT test, which has been championed over the last year, is a good example of cross-industry minimum standards for participants.

Looking ahead

While immediate steps in AML/CFT and cybersecurity should be taken, regulators and industry will want to understand broader trends in the ecosystem to inform more robust regulatory frameworks. Thanks to blockchain technology’s inherent transparency, on-chain data can provide insights into which assets and DeFi platforms are the most popular, the activity of different categories of users (e.g. large holders of assets or small, retail participants), the interconnectedness and risk concentration within DeFi and across digital assets, and more. 

For example, let’s look at DEXs and DeFi net inflow activity over the past year (January 1st, 2023 – December 31st, 2023) compared with CEXs and other services. We observe just how consistently the DEX and DeFi category received the most value, with February and March representing a distinct peak of inflows for the sector.

This amounts to around $26.33 billion of net inflows versus $15.28 billion for the next nearest category, minting and burning. Much of the DeFi inflows are received from centralized exchanges, demonstrating that it’s common for people to use centralized exchanges as an onramp to fund their DeFi activity. Ethereum is the gateway asset of choice to the DeFi sector, making up approximately 81% of net inflows over the period. More granular analysis could show the top counterparties that dominate these inflows down to the specific transaction level.

The regulation of DeFi remains a complex and evolving challenge, with ongoing debates between regulators and industry players. Recognising the philosophical differences, we advocate for the focus to move toward practical, collaborative steps to achieve shared goals. 

Regardless of what happens next in the regulation of DeFi, when it comes to decentralised systems, relying on regulation alone will not be sufficient. To be effective, there must also be market-led initiatives and the establishment of norms that move the needle on making the market safer for consumers. 

Not Investment or Other Advice

This material is for informational purposes only, and is not intended to provide legal, tax, financial, investment, regulatory or other professional advice, nor is it to be relied upon as a professional opinion. Recipients should consult their own advisors before making these types of decisions. Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information herein. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.