DeFi regulation has long been a contentious issue for regulators worldwide. However, a recent paper authored by Rebecca Rettig, Katja Gilman, and Michael Mosier proposes an innovative strategy to classify truly decentralized DeFi protocols as critical infrastructure. This paradigm shift would place DeFi under the supervision of the US Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP). While OCCIP may not be a traditional financial regulator, it plays a vital role in strengthening the security and resilience of critical infrastructure within the financial services sector.
The proposed classification aims to establish safety measures to mitigate the risks associated with illicit activities in DeFi systems. Instead of introducing middlemen into genuine DeFi systems, the authors argue that treating DeFi as critical infrastructure is akin to not forcing phone companies to employ switchboard operators to verify each call’s recipient. By recognizing genuine DeFi protocols as critical infrastructure and subjecting them to OCCIP oversight, similar to other tech systems in finance, authorities can effectively manage illicit financial risks.
Importantly, classifying DeFi systems as critical infrastructure under OCCIP does not automatically label them as financial institutions regulated by the Bank Secrecy Act (BSA). OCCIP operates independently of BSA regulations and collaborates with various stakeholders, including financial institutions, industry associations, and government agencies. This distinction ensures appropriate oversight without burdening DeFi protocols with unnecessary regulatory requirements.
The classification of genuine DeFi systems as critical infrastructure aligns with efforts proposed by both industry players and regulators to establish clear regulatory measures for neutral DeFi software. These measures encompass a range of initiatives, such as implementing cybersecurity standards, establishing information sharing and analysis centers (ISACs), automating risk indicators, and utilizing other tools to mitigate risks.
While certain initiatives are already underway in the DeFi sector, such as cybersecurity frameworks and the establishment of an ISAC, closer collaboration between industry participants and regulators facilitated by OCCIP would enhance the effectiveness of these efforts. This collaborative approach ensures that regulatory measures align with industry practices and technological advancements, striking a balance between innovation and risk mitigation.
DeFi has long existed in a regulatory gray area, which has discouraged some participants and hindered its growth potential. In North America, the use of DeFi has experienced a decline, primarily due to regulatory uncertainty in the United States. The Commodity Futures Trading Commission (CFTC) has previously highlighted the lack of clear accountability within DeFi systems, with certain industry structures intentionally disregarding this issue. This lack of clarity poses significant risks for investors and consumers, such as fraud, market manipulation, conflicts of interest, data breaches, and privacy violations.
In light of these challenges, the CFTC has emphasized the need for policymakers to develop a deeper understanding of DeFi by assessing the existing regulatory landscape and identifying areas for further exploration. Mapping exercises can be particularly helpful in evaluating whether the financial products and services offered by DeFi projects fall within the scope of existing US regulations.
The proposed reclassification of DeFi as critical infrastructure offers several advantages. It provides a framework for oversight and regulation to safeguard against illicit financial activities without stifling innovation. By leveraging OCCIP’s expertise in cybersecurity and critical infrastructure protection, regulators can collaborate with industry stakeholders to create a comprehensive regulatory framework that fosters responsible growth in the DeFi ecosystem.
This classification also brings clarity and accountability to the DeFi sector, which can help attract more participants and investors. By establishing DeFi as critical infrastructure, policymakers send a signal that they are committed to addressing regulatory concerns and promoting a safe and secure environment for financial innovation.
The proposal to classify decentralized finance (DeFi) protocols as critical infrastructure under the oversight of the US Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) represents a significant step towards establishing clear regulatory measures for the DeFi sector. By recognizing the importance of DeFi systems and applying appropriate oversight, regulators can strike a delicate balance between fostering innovation and mitigating risks. Collaboration between industry participants and regulators is crucial to ensure that regulatory measures align with industry practices and technological advancements. Ultimately, the classification of DeFi as critical infrastructure offers a path towards a more secure and resilient future for decentralized finance.