DeFi regulation has become a topic of great debate among regulatory authorities worldwide. In a recent paper by Rebecca Rettig, Katja Gilman, and Michael Mosier, a strategy is proposed to classify decentralized DeFi protocols as critical infrastructure. This classification would place them under the oversight of the US Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP). This article critically examines the implications of this proposal and explores the potential benefits and challenges it presents.
The OCCIP, although not a traditional financial regulator, plays a vital role in strengthening the security and resilience of critical infrastructure in the financial services sector. It collaborates with industry associations, financial institutions, and government agencies to exchange information about cybersecurity risks and weaknesses. The authors argue that by classifying genuine DeFi systems as “critical infrastructure” supervised by the OCCIP, much-needed safety measures can be implemented to combat the risks associated with illegal money activities.
The paper emphasizes that instead of forcibly introducing middlemen into DeFi systems, it is more akin to the situation where phone companies no longer require switchboard operators to verify the identities of phone users. Genuine DeFi, according to the authors, should be recognized as critical infrastructure and regulated accordingly, just like the authorities handle the risks of illicit finance in other technology systems within the financial industry.
It is important to note that classifying genuine DeFi systems as critical infrastructure under OCCIP does not automatically label them as “financial institutions” subject to regulation under the Bank Secrecy Act (BSA). OCCIP is not bound by BSA regulations and is not limited to working solely with financial institutions. This distinction allows for a more flexible regulatory framework that can encompass a wider range of DeFi protocols without imposing unnecessary restrictions on their operation.
The proposal to classify genuine DeFi systems as critical infrastructure aligns with efforts put forth by both industry participants and regulators to establish regulatory measures for neutral software. The authors suggest implementing cybersecurity standards, creating information sharing and analysis centers (ISACs), automating risk indicators, and utilizing other tools to mitigate risks. While some of these initiatives are already underway in the DeFi sector, collaboration between industry stakeholders and regulators facilitated by OCCIP would enhance their effectiveness.
DeFi has long been a gray area for regulators, which has led to uncertainty and a decline in activity in some regions, including North America. The lack of clear accountability within DeFi systems has been identified as a significant concern by the Commodity Futures Trading Commission (CFTC). The risks associated with DeFi, such as fraud, market manipulation, conflicts of interest, data breaches, and privacy violations, are often overlooked due to a lack of understanding.
The CFTC suggests that policymakers need to gain a deeper understanding of DeFi to address these risks effectively. Mapping exercises can be employed to determine whether the financial products and services offered by DeFi projects fall under existing US regulations. By mapping out the landscape of DeFi, policymakers can identify areas where additional regulations may be necessary or existing regulations can be clarified to foster responsible innovation while ensuring investor protection and market integrity.
The proposal to classify decentralized DeFi protocols as critical infrastructure under the oversight of OCCIP presents both opportunities and challenges. By leveraging the expertise of the OCCIP, safety measures can be implemented to address the risks associated with illegal financial activities in DeFi systems. Collaboration between industry participants and regulators is crucial to strike the right balance between innovation and oversight. However, it is essential that any regulatory framework is carefully crafted to avoid stifling innovation and hindering the growth of the DeFi ecosystem. With comprehensive understanding and effective regulation, DeFi has the potential to transform the financial industry by providing inclusive, decentralized, and secure financial services.