A public response to IOSCO’s report on DeFi

by | Oct 20, 2023 | DeFi, news, Regulation&Taxation, Staking | 0 comments

We wish to thank IOSCO for the opportunity to comment on the Policy Recommendations for Decentralised Finance (DeFi) (CR/04/2023). IOSCO’s work in this area is very important and we appreciate the opportunity for members of the DeFi industry to provide input.

In this joint response by the European Blockchain Association, LlamaRisk and the IOTA Foundation with contributions from Erwin Voloder (EBA), Svetlin Konsulov (LlamaRisk) and Tom Jansson (IOTA) we especially address recommendations #2 to #5.

IOSCO’s efforts to ensure investor protection and market integrity are very welcome, but we believe that the regulatory approach to achieve those goals must recognize the unique features of DeFi and the wider crypto-asset industry. We believe that existing securities law frameworks are inadequate and inappropriate to address crypto and digital asset markets as a whole.

While it is true that DeFi projects exist on a spectrum of decentralisation and may exhibit centralised areas, the overall approach to DeFi should not be based on regulatory frameworks that assume or require further centralisation. For example, regulators should not require DeFi projects to acquire a custody licence, brokerage licence, exchange licence etc. if the project’s technology already enables users to trade assets in a decentralised, non-custodial manner.

Here is a quick overview of the key issues we see with recommendations 2, 3, 4, and 5. (You will find a detailed response addressing all relevant aspects in our paper.)

Recommendation #2 – Identify Responsible Persons

Our response aims to demonstrate that IOSCO’s recommendation lacks nuance when it states that “Once a regulator identifies Responsible Persons, their activities should be assessed using Existing Frameworks or New Frameworks, as appropriate, in accordance with the principle of “same activity, same risk, same regulatory outcome.” This approach is not sustainable and could significantly deter development in the sector. Here is one of the many examples we discuss: Decentralized Autonomous Organization (DAOs) exhibit fluid and dynamic roles, underpinned using smart contracts and decentralized consensus mechanisms. These smart contracts are not a ‘management body, board of directors or other fiduciaries commonly found in traditional financial organizations defining how roles are created, modified and dissolved.

Recommendation #3 – Achieve Common Standards of Regulatory Outcomes

In our response we explain, why we find it important to distinguish between the technology as such and the (custodial) services offered by a financial operator. We believe that financial regulation should not be applied to developers or providers of technology as such. Intermediaries that are technology providers should not be treated as financial intermediaries. Financial regulations should only apply to operators that perform financial services on behalf of users. Also, it is necessary to underscore a differentiation between technical staking and so called ‘staking in name only’, or SINO-based arrangements before turning to the question of liquid staking. For a more detailed appraisal, some of the contributors to this consultation alongside a consortia of industry partners have released two documents in the public domain “Towards a reliable taxonomy and understanding of PoS and ‘related’ services in an EU regulatory setting”, and “Understanding Staking: A Structured Taxonomy of Staking Mechanisms.” Both are excellent resources we feel would further aid IOSCO in consolidating its understanding and position on the staking ecosystem as a whole.

Recommendation #4 – Require Identification and Addressing of Conflicts of Interest

In our response we present clarifications about MEV specifics as we want to encourage the distinction between toxic vs non-toxic MEV, i.e. operations that intentionally or unintentionally harm consumers and those that bring balance to the system. In particular we address topics like wormhole bridge exploits, MEV Boost, legal purview, and customer safety. that are relevant to its treatment as a risk-prone activity.

Recommendation #5 – Require Identification and Addressing of Material Risks, Including Operational and Technology Risks

In our response we want to bring attention to the fact that each type of blockchain bridge presents distinct legal and risk considerations, refering to the Ethereum Foundation’s practical classification of different bridge types. Following the insights gleaned from our findings, we recommend an extended phase of examination to address specific questions that have arisen, pivotal to ensuring the robustness and integrity of the operational ecosystem. The subsequent analysis should scrutinize: (A) the potential of a single entity orchestrating a ‘rug pull’, evaluating the system’s resilience and safeguards against such events. Furthermore, we seek to (B) assess the project’s sustainability and continuity in the hypothetical absence of its founding team.

You can read our full, detailed response in this paper here.