On March 4, 2023, the French Fintech Innovation Hub of the Autorité de Contrôle Prudential et de Résolution (ACPR) published a report titled “‘Decentralised’ or ‘Disintermediated’ finance: what regulatory response?” The report seeks to provide a brief description of a Decentralized Finance (DeFi) ecosystem, its main use cases, the challenges it aims to solve, and its limitations in doing so.
The ACPR also explores concentration and technology risks (including the scaling up of Layer 2 solutions), oracle-related risks at the application layer, and supervisory challenges related to the complexity and composability of DeFi products. It argues that the endogeneity of the investment risk poses additional challenges to the internal stability of the DeFi ecosystem (although these challenges are not yet significant enough to engender spillover risk to the traditional financial system).
To address the array of purported DeFi-related risks, the ACPR’s report puts forward several regulatory options, both complementary to an alternative status quo for financial regulation and supervision. The ACPR argues that regulations must be adapted to the specific features of DeFi wherever possible and exhibit flexibility rather than pull in the same static direction. To achieve this, the report argues for a regulatory perimeter that combines traditional financial regulations and regulations inspired by other economic sectors.
Chief among these policy options is a certification mechanism for public blockchains based on the fidelity of the computer code, a minimum number of validators, and caps on validation capacity concentration. Accordingly, the application layer of smart contracts would adhere to a similar certification scheme, also covering the specific nature of a provided service and governance.
The ACPR also floats the idea of prohibiting interaction with uncertified smart contracts. Certification would be granted for a limited period of time, be withdrawable at any time, and be subject to renewal after any significant change to the code. The report further suggests that a form of embedded supervision may be possible in the future to embed certification requirements directly into the code itself.
In a similar scenario, the ACPR calls for the transfer of all financial functions to private blockchains in order to meet minimum standards and transfer the stewardship of private blockchains to trusted private or public players. French regulators have also highlighted the need for legally incorporating whenever players exercise effective control over sensitive services, or if players exercising control over services could fall directly within the scope of supervision. The ACPR also suggests developing a legal status for decentralized autonomous organizations (DAOs). In abstracting the regulatory perimeter to capture decentralized financial intermediaries, the ACPR suggests extending the scope of the Markets in Crypto Assets Regulation (MiCA), and that access to financial products be made contingent on the level of the customer’s financial literacy and appetite for risk.
Instead of the implementation of MiCA, which also requires a report to be drawn up within 18 months of its entry into force (including, among other things, a closer look at potential regulatory pathways for DeFi in Europe), the ACPR has launched a public consultation based on the points raised in its report.
Industry reaction to ACPR
Given the horizontal focus of policy suggestions and their vertically significant effects, we as representatives of the blockchain industry, felt a pressing need to address both the tone of and the problem presented by the ACPR’s report.
Therefore, the European Blockchain Association (EBA), the IOTA Foundation and the European Crypto Initiative (EUCI), joined efforts to draft a reply to the ACPR’s report. The reply included an important mobilization of industry players, including members of the International Association of Trusted Blockchain Applications (INATBA), such as the University of Glasgow, the University of Pavia, Cornell University, the Research Group in Digitalization and Business Law at Rey Juan Carlos University (DYDEM), La Caisse Des Dépôts, Folks Finance, EthicHub, Tokeny, FeverTokens, AMLBot, Callisto Enterprise, and members of the expert panel of the EUBOF Iwona Karasek-Wojciechowicz, associate professor and Dr Marcin Pawlowski Iñigo Moré Research Assistant Professor Jagiellonian University; Amit Joshi, Founder HashPrix; Matthew Niemerg, Ph.D. President Aleph Zero Foundation; and, Teaching Assistant University of Chicago Daniel Szego, DLT Architect. The reply also features the support of the Global Blockchain Business Council (GBBC).
Although we welcome efforts to bring more regulatory clarity so that the industry can continue to develop and build in confidence, we are concerned by the potential reach of certain regulatory proposals and how they may – by force or necessity – shape the course of innovation in a particular (and not necessarily beneficial) way, or stifle it to a certain degree, especially in Europe.
Some of the key points highlighted in the reply revolve around the definition of DeFi suggested by the ACPR, the risks identified, and the potential for a future regulatory framework.
A full copy of the reply can be found here.
Click on the image to view .
Our response: the main talking points
Our joint response to the APCR report includes in-depth answers to several key points, which can be read in full at the link above. Here, we summarize our main positions.
- Different definitions of DeFi: We argue that the APCR report’s definition of DeFi omits important components such as user control over assets, trustless system-based interactions, and the potential of governance structures. Our response reflects a survey by the IOTA Foundation of 141 participants from the crypto and VC community who define DeFi as an emerging financial system, offering various functionalities beyond those of traditional finance, with an emphasis on user autonomy. In contrast to the ACPR’s position, our reply discusses the convergence of decentralization and disintermediation in DeFi, as both involve the distribution of control and decision-making but differ in the removal or reduction of intermediaries achieved through technological advancements. Hence, we argue that DeFi could be considered both decentralized and disintermediated, as blockchain technology with the utilization of smart contracts enables both concepts.
- DeFi as a democratizing force in the Financial Industry: Our reply also discusses the development of DeFi and its potential to democratize financial services and facilitate financial inclusion by making monetary tools more accessible. We highlight that, although DeFi is still in its infancy, it has significant potential to evolve and play a crucial role in the digital economy by allowing virtual transactions to occur easily. However, DeFi still faces challenges in terms of centralization, concentration of power, cyber-attacks, and interconnectedness. Nevertheless, we argue that various governance models, such as sortition, liquid democracy, quadratic voting, DAOs, and futarchy, are emerging to address these challenges. Moreover, in our reply, Layer 1 and Layer 2 solutions are compared to address scalability and security issues.
- Formal certification as a solution to risks and vulnerabilities: We argue that the risks and vulnerabilities associated with DeFi are mainly related to using Layer 2 solutions and the application layer of DeFi. Our reply discusses transparency issues and systemic vulnerabilities in the DeFi ecosystem, as well as risks to retail customers and the regulation of stablecoins issued by DeFi protocols. Our reply mentions the importance of certifying and auditing smart contracts and highlights suggestions for certified and auditing tools. Extensive formal verification is the preferred method for ensuring smart contract security, as it could provide consistency and scalability. However, we highlighted that certification alone might not be sufficient, and it should be complemented by continuous monitoring, bug bounty programs, and regular security audits to ensure the ongoing safety of smart contracts.
- Decentralization and proportional regulation: Concerning the regulatory challenges associated with DeFi and DAOs, we argue against the recentralization of crypto assets as it poses risks to security, reliability, trust, and governance. We believe that the MiCA regulation holds sufficient requirements for incorporation and recentralization. In addition, some of the existing technology is already capable of enabling compliance for DeFi and DAOs applications by restricting access to dApps, using digital identities, and ensuring users’ privacy via anonymous and verifiable credentials. In accordance with the principle of proportionality, we suggest that any regulatory measures should balance innovation and investor and consumer protection to prevent excessive restrictions from impacting the development of blockchain solutions.
- Regulating intermediary services: We also highlight that the regulation of DeFi intermediaries could play a crucial role in facilitating access to the DeFi ecosystem. We argue that a one-size-fits-all approach to regulating intermediaries is not appropriate due to the diverse range of actors and use cases involved. Instead, regulatory efforts should focus on the higher layers of the DeFi infrastructure, where most users engage with the platform. This would provide an appropriate balance between user protection and maintaining the principles of decentralization, cyber resilience, security, and innovation that are inherent in blockchain technology.
Open dialogue for smarter regulation
It is imperative that the blockchain industry continues to engage in open discussions with policymakers and take every opportunity to cooperate and make our industry’s voice heard. There is always an inherent balancing act between consumer protection and innovation, with the regulatory umbrella providing a tightrope; these opposing forces should be adaptable and supple.
That being said, with open communication addressing both the risks and opportunities thoughtfully and methodically, and providing evidence grounded in empirical reasoning backed by data, we can ensure that our industry continues to flourish and remain consumer-focused in the process.
With the adoption of the Digital Finance Package, anti-money laundering regulations, and the European Data Strategy, Europe’s regulatory horizon has a fair degree of certainty. Where the rules are not yet clear, an opportunity to have a seat at the table exists. It is our hope that we, as an industry, rise to the occasion and meet the challenges head-on.
The IOTA Foundation, EBA, EUCI, and the signatories of the reply, are committed to maintaining an open line of dialogue with regulatory bodies. Therefore we are at the disposal of ACPR and any other regulatory body, in- or outside Europe, that wants to engage in a direct dialogue with the industry.
We also conduct webinars and other educational activities to keep the industry abreast of the latest regulatory developments. Among them, we will organize a roundtable on June 12th that will feature industry experts, presentations on the current state of DeFi, and an open round table with different participants around the future of DeFi regulation. We will soon share more information about the speakers and schedule; in the meantime, you can pre-register here.
For more information, please contact the leaders of this initiative: Mariana de la Roche, IOTA Foundation (firstname.lastname@example.org), Erwin Voloder, EBA (email@example.com ), and Marina Markezic, EUCI (firstname.lastname@example.org)