In brief

  • The US Commodities Futures Trading Commission Technical Advisory Committee heard a presentation about DeFi today.
  • The presentation covered how to regulate new financial protocols.
  • Enforcement for facilitating illegal activity could technically be brought against developers or liquidity providers, but both are problematic.

DeFi went under the microscope at a US Commodity Futures Trading Commission (CFTC) virtual meeting today, with one participant telling colleagues the emerging tech is “a game changer.”

There are still plenty of questions about how to regulate the new financial species, however.

The CFTC Technology Advisory Committee heard a presentation covering the ins- and outs- of DeFi today—the group of blockchain-based applications that offer financial services, including loans, asset trading, and interest on customer deposits. Unlike banks, however, DeFi protocols use smart contracts to execute user orders and reduce overhead costs.


The presentation from the Virtual Currencies Subcommittee gave a high-level overview of the existing DeFi landscape, and hinted that CFTC regulators may be seeking the most effective way to apply liability without stifling innovation in the sector. But the meeting also demonstrated that there is not yet a regulatory path to stop the use of DeFi for illegal activities.

The biggest challenge is determining liability.

Gary DeWaal, Special Counsel at Katten Muchin Rosenman LLP and a member of the Virtual Currencies Subcommittee, raised the potential for direct liability attributed to developers of DeFi protocols. 

There are a number of problems with that approach. In many cases, software development is protected by the First Amendment right to free speech in the US. And even if it weren’t, charging or arresting the original developers of a DeFi protocol running on a blockchain won’t stop the service itself—one of the key aspects of blockchains like Ethereum that are said to be ‘censorship resistant’. That’s often true as well of DeFi projects that are often open-source and developed collectively with anonymous contributors, making enforcement against developers prohibitively challenging and expensive. 

Secondary liability, generated by helping or controlling a person performing illegal activity, is also seen as a potential risk for DeFi liquidity providers, end users, governance token holders, and even miners who process blockchain transactions. But in those cases, it’s up to prosecutors to show that people willfully aided wrongdoing, another high threshold to cross that could prove too costly to effectively enforce.



“There are a lot of folks in the blockchain ecosystem who have spent a fair amount of resources trying to get it right from the beginning, making sure proactively they did what they needed to do to comply with applicable rules and law,” DeWaal said. “What’s challenging here is that it’s effectively non-legal entities doing whatever the incorrect activity is, so it will be mostly secondary actors who are potentially liable, which raises an issue of fundamental fairness.”

Aaron Wright, a subcommittee member who is a clinical professor of law at Cardozo Law School and co-founder of the OpenLaw digital contract platform, noted that a safe harbor agreement, which shields entities from liability if they follow a set of guidelines, would be a relatively straightforward way to induce DeFi protocols to comply with relevant US regulations.

“A safe harbor could potentially create a regulatory incentive to build and support compliance,” he said. “It could excuse either direct liability against software developers or other DeFi participants, if the protocol has a lawful purpose and entails no fraud, excluded addresses to encourage compliance, and limits margin trading.”

Ultimately, it may still be too early to effectively apply regulations to such new financial tools. A “no action” letter that outlines a safe harbor for DeFi protocols that take particular steps to be in compliance could be one way to provide some regulatory certainty without making a premature decision on primary or secondary liability to developers or liquidity providers.

Such a letter was provided for digital asset custodians in September, permitting them to trade customer funds on their clients’ behalf. But there’s no telling what the requirements might be to earn the protection of such a letter for DeFi protocols, which have only grown enough for serious regulatory scrutiny in the last six months. Concrete guidance could still be years away. 

“Many members of the committee are sympathetic to the issue that this is an important development, a game changer,” DeWall said. “The idea of having non-incorporated entities, non-legal persons, non-actual persons engaging in the activity that might be problematic is a relatively significant game changer. [DeFi] has lots of potential benefits but has a lot of risks. We don’t want to inhibit this important development.”

The subcommittee concluded with recommendations of a wait-and-see approach to better understand where risk of illegal activity would manifest in the broader DeFi ecosystem.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.