• Jamie Johnson

The Challenge Decentralised Finance Poses to Regulation

By Jamie Johnson

Decentralised finance (‘DeFi’) ‘provides the same financial services without any traditional central authority or intermediaries’ (Salami 2020 pp. 497). This presents a massive economic opportunity. Currently, payment processing firms such as Visa and Mastercard have gross profit margins around 60-80% (The Economist 2021). So, a shift towards a more decentralised system for processing payments can free up significant amounts of liquidity.

Yet, the lack of intermediaries poses a problem. In the absence of intermediaries, it is not clear who regulators should target.

This article will firstly discuss the underlying concepts involved in DeFi to illustrate how it works in more detail. Secondly, the article will respond to the view that this should not be regulated at all. Then it will discuss three different people who could bear the burden for regulations. The article then concludes.

The concepts underlying DeFi

DeFi relies upon a combination of blockchain and smart contract technology.

Blockchain can be defined as ‘a distributed, append only database, which enables - without a central trusted intermediary - transactions between human or software agents’ (Bodó et al. 2018 pp. 313). Essentially, blocks of information are kept together and these blocks are linked to older blocks. This creates a chain of information, referred to as blockchain.

For a more detailed explanation of blockchain, please read our overview article.

Smart contracts are programmes that the blockchain contains. These execute when particular criteria are met. Normally, information will need to be inputted from elsewhere to allow these smart contracts to execute.

For a more detailed explanation of smart contracts, please read our overview article.

The result of the use of blockchain and smart contracts is that there is no need for intermediaries. A network of individuals ensure that a blockchain is accurate by solving cryptographic problems so the ledger can be updated and distributed (Rathee 2020). Meanwhile, the use of smart contracts means that there is less scope for justifying a high commission because virtual assets are automatically transferred once a condition has been met.

This decentralisation explains the growing popularity of DeFi. The total assets in collateral in DeFi were $50bn as of June 2021 (Kruppa and Silverman 2021).

What is the problem?

DeFi poses a challenge to the traditional way of regulating finance. Traditionally, regulators have looked at intermediaries and held them accountable (Kruppa and Silverman 2021). This seems fair. As intermediaries collect vast sums of money, they are in a financial position to comply with regulations.

There has been significant movements to update regulations to deal with virtual assets in recent years. The Financial Action Task Force (‘FATF’) currently targets what are described as Virtual Asset Service Providers (‘VASPs’). These are businesses that transfer virtual assets.

However, the FATF does not consider DeFi to involve a VASP because DeFi refers to underlying software rather than a central actor (Boucher et al. 2021).

Meanwhile, although the UK is taking note, they are slow to act. In a report on the 24th of March, the Financial Policy Committee emphasised that the growing influence of DeFi needs to be monitored but it did not formulate any prescriptive guidance (Linklaters 2022). This represents a rather fudged position.

It is understandable why regulators are struggling with this issue. The central problem, as repeatedly noted, is that it is unclear who should bear the burden of regulations. Once that has been settled, there does not seem to be any great difficulties with regulators designing a system of regulations for virtual assets traded on DeFi (Salami 2020). Regulations could mirror those for VASPs in substance if not in form.

What follows is a discussion of three different individuals who could be targeted by regulations. The article leans towards regulating the third actor mooted.

Why impose regulations at all?

It might be tempting in the face of this problem to simply not impose any regulations at all. Indeed, the whole promise of DeFi is that users can determine for themselves what value should be paid for particular goods and services (The Economist 2021).

However, this view is misguided for two principal reasons.

Firstly, there is the potential for widespread fraud in the absence of any controls on the DeFi space. For instance, $320 million was stolen from the protocol Wormhole in February of this year (NBC 2022). The government frequently intervenes to protect consumers and so if there is a risk of consumers suffering from fraud then they should try to mitigate the risks of fraud occurring. The most pernicious aspect of fraud in DeFi is that if a user’s keys are stolen they simply cannot get them back (Swan 2015). So, regulations are necessary to prevent theft from occuring in the first instance.

Secondly, DeFi requires the trust of users in order to grow as a viable alternative market. If there are fewer regulations then users with little background in crypto will be reluctant to completely place their faith in the DeFi system (The Economist 2021). Arguably, this lack of trust also means that existing transactions conducted through DeFi are less efficient than they could be. For instance, the rate of collateral on a loan made over DeFi regularly reaches 150% (Salami 2020). More trust in the system would mean that lenders would be willing to reduce the rate of collateral required for a loan and so markets would be more liquid.

So, having outlined how the option of no regulations would not be viable, the article now discusses who should bear the burden of regulations.

Should programmers bear the burden?

It has been proposed that programmers exert considerable influence over the resulting transactions that occur through DeFi and so should bear the burden (Chan and Yoong Tian 2022). By holding programmers accountable, it may be the case that they ensure that systems are designed in a way that prevents regulatory breaches.

The problem is that it is not clear that programmers can necessarily exercise the sort of foresight to stop all regulatory breaches from taking place in a DeFi space. A programmer inherently does not want to release a system that is faulty because there are reputational harms from doing so. Users on a DeFi system might find all sorts of ways to avoid regulations and it is simply unrealistic to think that programmers can pre-empt all of these ways.

Should users bear the burden?

Given that transactions involve users transacting between themselves with no intermediaries, a natural position might be to regulate the users themselves (Boucher et al. 2021). The users could be required to ensure that they know who they are transacting with to prevent fraud and held individually liable for any breaches of the regulations that they carry out.

However, the issue is that it is just not clear that average users will be in a position to ensure that regulations are upheld at every stage. If DeFi reaches the scale that is promised then most users simply will not know when a breach of regulations has occurred. This is shown by the fraud that has already occurred through DeFi. For instance, $2 million of Vericoin was stolen in July 2014 (Swan 2015).

Should VASPs bear the burden?

A method mooted by the most recent FATF guidance is to require a regulated VASP to be involved in any transaction (Boucher et al. 2021). This would require programmers to ensure that the code is changed so that a transaction will not execute where there is no VASP involved.

At first glance, this looks contradictory to the allure of DeFi. VASPs seem to be the sort of intermediary that DeFi is supposed to remove. However, the role of VASPs could be seen as more of an insurance policy for users executing transactions through DeFi.

Users could choose between different VASPs who will make sure that there are protections from the fraud and regulators can ensure that VASPs carry out these obligations. The choice of different VASPs would ensure that extortionate fees cannot be charged.

This could in itself actually encourage the use of DeFi. If ordinary people think DeFi is regulated and involves insurance then they are more likely to put their faith in the system and use it (The Economist 2021). Obviously, this is not a perfect solution by any stretch. However, when compared to the issues with the other two solutions mooted, it seems to be the least bad option.


In conclusion, DeFi poses a regulatory challenge that existing regulators have not fully settled yet. It is proposed that introducing VASPs into transactions and regulating those VASPs is the best solution of all the current options.


  • Bodó, B; Gervais, DJ & Quintais, JP (2018) Blockchain and smart contracts: the missing link in copyright licensing? International Journal of Law and IT 26 (4) pp. 311-336

  • Boucher, LJ; Fisch, EJ; Nguyen, B; Maalouf, KN; Perry, JE & Seidner, G (2021) FATF Updates Its Global Guidelines for the Regulation of Virtual Assets With an Eye to Emerging Technologies [Online] Available: https://www.skadden.com/insights/publications/2021/11/recent-developments-in-the-regulation-of-virtual-assets/fatf-updates-its-global-guidelines Accessed: 25/03/22

  • Chan, E & Yoong Tian, S (2022) Decentralised finance (DeFi): a game-changer or just a passing fad? Journal of International banking and Financial Law 37(1) pp. 39-42

  • Kerrigan, C (2020) Tokenisation and digital assets: blockchain in capital raising Journal of International Banking and Financial Law 35 (3) pp 57-60

  • Kruppa, M & Murphy, H (2019) ‘DeFi’ movement promises high interest but high risk [Online] Available: https://www.ft.com/content/16db565a-25a1-11ea-9305-4234e74b0ef3 Accessed: 25/03/22

  • Kruppa, M & Silverman, G (2021) Regulators begin to grapple with DeFi [Online] Available: https://www.ft.com/content/e6e7d9d6-7778-4286-ba6f-e5831fcbc538 Accessed: 25/03/22

  • Linklaters (2022) UK authorities team up to remind regulated firms about crypto standards [Online] Available: https://www.linklaters.com/en/insights/blogs/fintechlinks/2022/march/uk-authorities-team-up-to-remind-regulated-firms-about-crypto-standards Accessed: 25/3/2022

  • McCarthy, J (2021) Evaluating the EU’s digital finance strategy: ambitious glimpses of future regulation? Journal of International Banking Law and Regulation 36(9) pp. 379-389

  • Rathee, P (2020) Introduction to Blockchain and IoT in Kim, S & Chandra Deka, G (eds.) Advanced Applications of Blockchain Technology Singapore: Springer pp. 1-15

  • Salami, I (2020) Financial Crime Update Journal of International Banking and Financial Law 35 (7) pp. 496-499

  • Sigalos, M (2022) More than $320 million stolen in latest apparent crypto hack [Online] Available: https://www.nbcnews.com/tech/tech-news/320-million-stolen-latest-apparent-crypto-hack-rcna14735 Accessed: 25/3/22

  • Swan, M (2015) Blockchain: Blueprint for a New Economy Cambridge: O’Reilly

  • The Economist (2021) Curioser and curiouser: Adventures in DeFi-land [Online] Available: https://www.economist.com/briefing/2021/09/18/adventures-in-defi-land Accessed: 25/03/22

  • The Economist (2021) Down the rabbit hole: The beguiling promise of decentralised finance [Online] Available: https://www.economist.com/leaders/2021/09/18/the-beguiling-promise-of-decentralised-finance Accessed: 25/03/2022