SEC.gov | Statement on DeFi Risks, Regulations, and Opportunities
As published in The International Journal of Blockchain Law, Vol. 1, Nov. 2021.
Whether in the news, social media, popular entertainment, and increasingly in people’s portfolios, crypto is now part of the vernacular.[1] But what that term actually encompasses is broad and amorphous and includes everything from tokens, to non-fungible tokens, to Dexes to Decentralized Finance or DeFI. For those readers not already familiar with DeFi, unsurprisingly, definitions also vary. In general, though, it is an effort to replicate functions of our traditional finance systems through the use of blockchain-based smart contracts that are composable, interoperable, and open source.[2] Much of DeFi activity takes place on the Ethereum blockchain, but any blockchain that supports certain types of scripting or coding can be used to develop DeFi applications and platforms.
DeFi presents a panoply of opportunities. However, it also poses important risks and challenges for regulators, investors, and the financial markets. While the potential for profits attracts attention, sometimes overwhelming attention, there is also confusion, often significant, regarding important aspects of this emerging market. Social media questions like “who in the U.S. regulates the DeFi market?” and “Why are regulators involved at all?” abound. These are crucial questions, and the answers are important to lawyers and non-lawyers alike. This article attempts to provide a short background on the current regulatory landscape for DeFi, the role of the United States Securities and Exchange Commission (“SEC”), and highlights two important hurdles that the community should address.[3]
Mục lục bài viết
I. Many Investments Share Important Attributes
Many DeFi offerings and products closely resemble products and functions in the traditional financial marketplace.[4] There are decentralized applications, or dApps, running on blockchains, that enable people to obtain an asset or loan upon posting of collateral, much like traditional collateralized loans.[5] Others offer the ability to deposit a digital asset and receive a return. Both types of products offer returns, some directly, and some indirectly by enabling the use of borrowed assets for other DeFi investing opportunities. In addition, there are web-based tools that help users identify, or invest in, the highest-yielding DeFi instruments and venues.[6] Other applications let users earn fees in exchange for supplying liquidity or market making.[7] There are also tokens coded to track the prices of securities trading on registered U.S. national securities exchanges, and then can be traded and used in a variety of other DeFi applications. So while the underlying technology is sometimes unfamiliar, these digital products and activities have close analogs within the SEC’s jurisdiction.
These similarities should come as a surprise to no one, considering finance is in the name. It should also come as a surprise to no one that investing is often at the core of DeFi activity. This movement is not about merely developing new digital asset tokens. Developers have also constructed smart contracts that offer individuals the ability to invest, to lever those investments, to take a variety of derivative positions, and to move assets quickly and easily between various platforms and protocols. And there are projects that show a potential for scalable increased efficiencies in transactions speed, cost, and customization.
These projects are evolving incredibly fast with new and interesting potential. Considering the relative infancy of blockchains that support the scripting needed for sophisticated smart contracts, DeFi development is particularly impressive. But these offerings are not just products, and their users are not merely consumers. DeFi, again, is fundamentally about investing. This investing includes speculative risks taken in pursuit of passive profits from hoped-for token price appreciation, or investments seeking a return in exchange for placing capital at risk or locking it up for another’s benefit.
II. Unregulated Markets Suffer From Structural Limitations
Market participants who raise capital from investors, or provide regulated services or functions to investors, generally take on legal obligations. In what may be an attempt to disclaim those legal obligations, many DeFi promoters disclose broadly that DeFi is risky and investments may result in losses, without providing the details investors need to assess risk likelihood and severity.[8] Others could accurately be characterized as simply advocating a “buyer beware” approach; by participating, investors assume the risk of any and all losses. Given this, many current DeFi participants recommend that new investors exercise caution, and many experts and academics agree there are significant risks.[9]
While DeFi has produced impressive alternative methods of composing, recording, and processing transactions, it has not rewritten all of economics or human nature. Certain truths apply with as much force in DeFi as they do in traditional finance:
- Unless required, there will be projects that do not invest in compliance or adequate internal controls;
- when the potential financial rewards are great enough, some individuals will victimize others, and the likelihood of this occurring tends to increase as the likelihood of getting caught and severity of potential sanctions decrease; and
- absent mandatory disclosure requirements,[10] information asymmetries will likely advantage rich investors and insiders at the expense of the smallest investors and those with the least access to information.
Accordingly, DeFi participants’ current “buyer beware” approach is not an adequate foundation on which to build reimagined financial markets. Without a common set of conduct expectations, and a functional system to enforce those principles, markets tend toward corruption, marked by fraud, self-dealing, cartel-like activity, and information asymmetries. Over time that reduces investor confidence and investor participation.[11]
Conversely, well-regulated markets tend to flourish, and I think our U.S. capital markets are prime examples. Because of their reliability and shared adherence to minimum standards of disclosure and conduct, our markets are the destination of choice for investors and entities seeking to raise capital. Our securities laws do not merely serve to impose obligations or burdens, they provide a critical market good. They help address the problems noted above, among others, and our markets function better as a result. But, in the brave new DeFi world, to date there has not been broad adoption of regulatory frameworks that deliver important protections in other markets.
III. Who Regulates DeFi?
In the United States, multiple federal authorities likely have jurisdiction over aspects of DeFi, including the Department of Justice, the Financial Criminal Enforcement Network, the Internal Revenue Service, the Commodity Futures Trading Commission, and the SEC.[12] State authorities likely have jurisdiction over aspects as well.[13] In spite of the number of authorities having some jurisdictional interest, DeFi investors generally will not get the same level of compliance and robust disclosure that are the norm in other regulated markets in the U.S. For example, a variety of DeFi participants, activities, and assets fall within the SEC’s jurisdiction as they involve securities and securities-related conduct.[14] But no DeFi participants within the SEC’s jurisdiction have registered with us, though we continue to encourage participants in DeFi to engage with the staff. If investment opportunities are offered completely outside of regulatory oversight, investors and other market participants must understand that these markets are riskier than traditional markets where participants generally play by the same set of rules.
IV. The Role of the SEC
As an SEC Commissioner I have a duty to help ensure that market activity, whether new or old, operates fairly, and offers all investors a level playing field.[15] I would expect this goal to be one DeFi market participants also support.
To do this, the SEC has a variety of tools at its disposal ranging from rulemaking authority, to various exemptive or no action relief, to enforcement actions. Importantly, if DeFi development teams are not sure whether their project is within the SEC’s jurisdiction, they should reach out to our Strategic Hub for Innovation and Financial Technology (“FinHub”), or our other Offices and Divisions, all of which have experts well-versed in issues relating to digital assets.[16] It is my understanding that FinHub has never refused a meeting, and their engagement is meaningful.[17] If a series of meetings is needed, they spend the necessary time. If a project does not fit neatly within our existing framework, before proceeding to market, that project team should come and talk to us.[18] The more the project team can lead that discussion with possible solutions, the better outcomes they can expect. Our staff cannot offer legal advice, but they stand ready to listen to ideas and provide feedback, as developers know their projects better than we ever could. If the project is seemingly constrained by our rules, it is critical for us to get specific ideas about how these new technologies can be integrated into our regulatory regime to ensure the market and investor protections afforded by the federal securities laws, while allowing innovations to flourish.
That being said, for non-compliant projects within our jurisdiction, we do have an effective enforcement mechanism. For example, the SEC recently settled an enforcement action with a purported DeFi platform and its individual promoters. The SEC alleged they failed to register their offering, which raised $30 million, and misled their investors while improperly spending investor money on themselves.[19] To the extent other offerings, projects, or platforms are operating in violation of securities laws, I expect we will continue to bring enforcement actions. But my preferred path is not through enforcement, and I do not consider enforcement inevitable. Broad non-compliance that necessitates numerous enforcement actions is not an efficient way to achieve what I believe are shared goals for DeFi. The more projects that voluntarily comply with regulations, the less frequently the SEC will have to pursue investigations and litigation.
V. Structural Hurdles
I recognize it is not the SEC’s role to prevent all investment losses. It is also not my goal to restrict investor access to fair and appropriate opportunities. But it is my job to demand that investors have equal access to critical information so they can make informed decisions whether to invest and at what price. I am similarly committed to ensuring markets are fair and free from manipulation. Given this, it seems that there are two specific structural problems that the DeFi community needs to address.
A. Lack of Transparency
First, although transactions often are recorded on a public blockchain, in important ways, DeFi investing is not transparent. I am concerned that this lack of transparency contributes to a two tier market in which professional investors and insiders reap outsized returns while retail investors take more risks, get worse pricing, and are less likely to succeed over time.[20] Much of DeFi is funded by venture capital and other professional investors. It is unclear to me how well known this is in the DeFi retail investor community, but the underlying funding deals often grant professional investors equity, options, advisory roles, access to project team management, formal or informal say on governance and operations, anti-dilution rights, and the ability to distribute controlling interests to allies, among other benefits. Rarely are these arrangements disclosed, but they can have a significant impact on investment values and outcomes. Retail investors are already operating at a significant disadvantage to professional investors in DeFi,[21] and this information imbalance exacerbates the problem.
Some contend that DeFi is, in fact, more egalitarian and transparent because much of the activity is based on code that is publicly available.[22] However, only a relatively small group of people can actually read and understand that code, and even highly-qualified experts miss flaws or hazards. Currently the quality of that code can vary drastically, and has a significant impact on investment outcomes and security. If DeFi has ambitions of reaching a broad investing pool, it should not assume a significant portion of that population can or wants to run their own testnet to understand the risks associated with the code on which their investment prospects rely. It is not reasonable to build a financial system that demands investors also be sophisticated interpreters of complex code.
Put simply, if a retail investor has $2,000 to invest in a risky programmable asset, it is not cost effective for that investor to hire experts to audit the code to ensure it will behave as advertised. Instead, retail investors must rely on information available through marketing, advertising, word of mouth, and social media. Professional investors, on the other hand, can afford to hire technical experts, engineers, economists, and others, before making an investment decision. While this professional advantage exists historically in our financial markets, DeFi exacerbates it. DeFi removes intermediaries that perform important gatekeeping functions and operates outside the existing investor and market protection regime. That can leave retail investors without access to professional financial advisors or other intermediaries who help screen potential investments for quality and legitimacy. These provide meaningful fraud reduction and risk assessment assistance in traditional finance, but there are limited substitutes in DeFi.
B. Pseudonymity
A second foundational challenge for DeFi is that these markets are vulnerable to difficult to detect manipulation. DeFi transactions occur on a blockchain, and each transaction is recorded, immutable, and available for all to see. But that visibility extends only down to a certain identifier. Because of pseudonymity, the blockchain displays the blockchain address that sent or received assets, but not the identity of the person who controls it.
Without an efficient method for determining the actual identity of traders, or owners of smart contracts, it is very difficult to know if asset prices and trading volumes reflect organic interest or are the product of manipulative trading by, for example, one person using bots to operate multiple wallets, or a group of people trading collusively. There are specific U.S. securities laws prohibiting trading for the purpose of giving the false appearance of market activity or to manipulate the price of a security,[23] because successful investing depends on reliable information and market integrity. Pseudonymity makes it much easier to conceal manipulative activity and almost impossible for an investor to distinguish an individual engaging in manipulative trading from normal organic trading activity. In DeFi, because markets often turn on asset price, trading volumes, and momentum, investors are vulnerable to losses due to manipulative trading that makes those signals unreliable. To the extent transactions occur off public blockchains, it is even more difficult to assess whether trading is legitimate.
I recognize that in some ways DeFi is synonymous with pseudonymous. The use of alphanumeric strings that obscure real world identity was a core feature of Bitcoin and has been present in essentially all blockchains that have followed. But in the U.S., investors have long been comfortable with a compromise in which they give up some limited degree of privacy by sharing their identity with the entity through which they trade securities. In return, they benefit from regulated markets that are more fair, orderly, and efficient, with less manipulation and fraud.
In moving to DeFi, I suspect most retail investors are not doing so because they seek greater privacy; they are seeking better returns than they believe they can find from other investments. While some in DeFi believe in absolute financial privacy, I expect that projects that solve for pseudonymity are more likely to succeed, because investors can then be comfortable that asset prices reflect actual interest from real investors, not prices pumped by hidden manipulators. Projects that address this problem are also more likely to be able to comply with SEC regulations and other legal obligations, including requirements around anti-money laundering and countering the financing of terrorism imposed by the Bank Secrecy Act.
VI. Conclusion
My respect for innovation does not lessen my commitment to help ensure all our financial markets are sustainable and offer average investors a fair chance of success. DeFi is a shared opportunity and challenge. Some DeFi projects fit neatly within our jurisdiction, and others may struggle to comply with the rules as currently applied. It is not enough to just say it is too hard to regulate or to say it is too hard to comply with regulations.
It is a positive sign that many projects say they want to operate within DeFi in a compliant way. I credit their sincerity on this point, and hope they commit resources to collaborating with the SEC staff in the same spirit. For DeFi’s problems, finding compliant solutions is something best accomplished together. Reimagining our markets without appropriate investor protections and mechanisms to support market integrity would be a missed opportunity, at best, and could result in significant harm, at worst. In conceiving a new financial system, I believe developers have an obligation to optimize for more than profitability, speed of deployment, and innovation. Whatever comes next, it should be a system in which all investors have access to actionable, material data, and it should be a system that reduces the potential for manipulative conduct. Such a system should lead capital to flow efficiently to the most promising projects, rather than being diverted by mere hype or false claims. It should also be designed to advance markets that are interconnected, but with sufficient safeguards to withstand significant shocks, including the potential for rapid deleveraging. In decentralized networks with diffuse control and disparate interests, regulations serve to create shared incentives aligned to benefit the entire system and ensure fair opportunities for its least powerful participants.
My staff and I have been actively engaged in helpful discussions with DeFi experts and my door remains open.[24] I can’t promise an easy or quick process, unfortunately, but I can assure you of good faith consideration and a true desire to help promote responsible innovation.