Digital Assets, DeFi, and the Regulator Inflection Point

September 23, 2021

We are approaching a major regulatory inflection point for digital assets in general, and decentralized finance (DeFi) may end up being the ultimate battleground. The push to regulate exchanges is nothing new, nor is the increased scrutiny on the space. What seems to be changing in the U.S. is the broadening of regulatory scope – or perhaps a reweighting of focus towards DeFi, stablecoins, and even Proof of Stake (PoS) assets.

For a bit of background, both SEC Chair Gary Gensler and Acting Comptroller of the Currency Michael Hsu have made several commented on digital assets recently. Here are our high-level takeaways: (1) The SEC looks ready to debate which assets will be classified as securities. (2) The push for exchanges to register will intensify. (3) Stablecoins are concerning, seen as “casino chips,” evoking comparisons to the 2008 financial crisis. (4) Lending practices (centralized and DeFi) are moving to the frontline. And (5) lending might be conflated staking, a big concern for Proof-of-Stake assets, including Ethereum.

The bottom line is that we see the potential for two diametric outcomes, both of which undesirable, but many possible shades in between.

  • Overregulation: impairing the rails that may be necessary to take us to the next technological era, and the inevitable economic and social transition deeper into to digital realm.
  • Underregulation: lack of pre-emptive action leading to a build-up of systemic risks and suboptimal outcomes for users and governments that will prove hard to undo, like the early days of the Internet.

In the end, DeFi may prove the ultimate regulatory battleground, especially when central bank digital currencies come in play. DeFi is a mechanism for resource allocation through the usual channels, including trading, money markets, and insurance, amounting to some $80 bln of locked value. It’s probably the sector farthest away from regulatory purview, yet it might have the greatest overlap with traditional financial services – sometimes even called a shadow banking system. With spreads and yields magnitudes larger than conventional markets, and easy cross-border mobility, it’s easy to imagine how it could one day impact monetary policy transmission. It’s also no surprise that regulators and many of us in financial services may feel both drawn to it and threatened by it at the same time.

DeFi has a unique set of risks and disruptive potential that differentiates it from both the traditional financial industry or a shadow banking system. Here’s a summary of what we think are the main reasons why:

(1) DeFi replaces credit risk with smart contract risk.

(2) Lack of credit risk, widespread over-collateralization, and other safety mechanisms significantly reduces contagion and systemic risks in DeFi, perhaps rendering protocols anti-fragile.

(3) Like FinTech, DeFi is both complementary and in direct competition with the traditional financial system.

(4) Illicit activities in the digital assets space seems to be declining, but proportionately more of it is happening in DeFi.

(5) DeFi is a Darwinian sandbox for battle-testing the ideas that could shape the economic model, governance, and property rights of a future digitally native society. Failing to get the incentives right could mean long-lasting suboptimal outcomes, as was arguably the case for the Internet.

DeFi vs. Credit Risk

DeFi replaces credit risk with smart contract risk for both investors and protocols.

Credit risk is a part of every financial market transaction, from mortgages to CME corn futures and even Evergrade bonds. But your credit record is irrelevant in DeFi. If you want to take a loan from AAVE, Venus, or Benqi, your borrowing power is determined entirely by the value of the collateral you put in. If it falls beyond the threshold, and the smart contract functions as it should, your position is automatically liquidated and a 5% penalty (AAVE) taken from your collateral. There is no recourse, no one to call and plead to keep you in the trade.

DeFi protocols can’t (in theory) steal investor’s money. If you deposit Bitcoins in an exchange such as Binance, you implicitly take Binance counterparty/credit risk. In contrast, DeFi is “non-custodial,” meaning that users control their private key (for the better or worse). And the code of reputable DeFi projects is open source, so investors have full transparency about what smart contracts can and cannot do with the funds. The code is usually subject to “timelock”, meaning it cannot be changed without warning and a waiting period). It is also audited by companies such as CertiK, which publish rating reports akin to Moody’s or S&P Ratings, but focusing on the viability, robustness, and sanctity of the code.

But there are plenty of ways to lose money in DeFi, most of which stemming from smart contract risk, and illicit activity is rising in space. The most obvious case is hacking. Another (and perhaps more common) exploit in DeFi are flash loans, which borrow large sums to manipulate market pricing in liquidity pools. And, of course, there are countless scams – affectionately called “rug pulls” – in which developers of new and unaudited protocols exploit users. (More on this below).

Overcollateralization and Systemic Risks

The absence of credit risk means that lending in DeFi is usually overcollateralized, greatly reducing systemic. For example, ETH deposited in AAVE has a maximum LTV of 0.80 – you can borrow 0.8 ETH for every 1 ETH you deposit. In addition, many major protocols have backstop funds for disorderly liquidation risk, such as AAVE’s Safety Module. There are several DeFi margin trading platforms where you can get far greater leverage (DYdX gives you 5x, for example). Still, they represent a smaller segment of borrow in DeFi and provide far less leverage than centralized exchanges.

DeFi protocols appear to be antifragile. We often get asked how DeFi – without regulation or mandatory capital requirements – fared during recent crashes and disorderly market conditions. The answer seems to be very well. In May of this year, ETH fell some 60% in 11 days, but no major Decentralized Exchange (DEX) or DeFi lending protocols reported any problem to the best of our knowledge. According to Glassnode data, over $350 mln in leverage was liquidated across Compound and AAVE. On the crucial May 19 crash when ETH fell 30%, DEXs handled a record of around $12 bln in trading volume, half of which was in Uniswap. Also, all major stable coins (USDC, USDT, DAI…) maintained their peg during the period, fluctuating only between $0.99 and $1.02. (Note, however, that DAI deviated by a lot more during the March 2021 crash, to $1.12).

Meanwhile… major centralized exchanges such as Binance, Kraken, and Gemini had lots of trouble during the crash. These exchanges reported “intermittent downtime,” “connectivity issues,” and other euphemisms for not being able to cope with the surge in flow and volatility. During several points in the crisis, many investors were only able to execute trades in DeFi, which arguably emerged stronger as a result.

Complementary and Threatening

There is a lot to admire in how DeFi protocol developers have leveraged the benefits of blockchains. DeFi not only does away with financial intermediaries handling credit risk, but it’s also an automated, 24/7 full suite back office that usually takes seconds to execute. All of processing, clearing, and settlement happens simultaneously through smart contracts. No humans are involved aside from the developers who maintain and upgrade the code. The table provides a good breakdown of the differences between DeFi and traditional finance, taken from Chris McCanna’s DeFi Infrastructure 101.

  Traditional Finance
Custody Held by institution or custody provider
Held directly by users in non-custodial accounts or via smart contract
Unit of Account
Fiat Currency
Denominated in digital asset or stable coin
Execution Facilitated via intermediaries
Facilitated via smart contract
Settlement ~3-5 business days depending on transaction, during M-F business hours
Seconds to minutes depending on blockchain, 24/7 operating times
Clearing Facilitated via clearinghouses
Facilitated via blockchain transaction
Governance Specified by exchanges & regulators
Governed by protocol developers & users
Auditability Authorized third-party audits
Open source code & public ledger, can be audited by anyone
Collateral Transactions may involve no collateral, itermediaries take on risk
Over-collateral generally required
Risks Vulnerable to hacks and data breaches
Vulnerable to hacks and data breaches of smart contracts

DeFi has several important shortcomings in comparison to traditional financial services, or centralized exchanges such as Coinbase. As mentioned, you can’t do much without collateral, so many retail-facing functions of capital markets such as mortgages and student loans are beyond the scope of DeFi (for now). DeFi is not user-friendly and few platforms include functional customer service. DeFi front-end portals can be complicated to use and often depend on integration tools such as Metamask. Likewise, users must grasp complex concepts such as liquidity pools and impermanent loss. Smaller investors in DeFi can become victims of predatory trading practices, such as frontrunning by trading bots (though this is not unheard of in traditional markets either). Lastly, traditional financial institutions have competitive custom support, and can access government programs like FDIC deposit guarantees or socially desirable lending schemes for disadvantaged groups. 

Nic Carter and Linda Jeng provide a deeper look into other elements of this discussion in DeFi Protocol Risks: the Paradox of DeFi. They group the risks into: (i) interconnections with the traditional financial system, (ii) operational risks stemming from underlying blockchains, (iii) smart contract-based vulnerabilities, (iv) other governance and regulatory risks, and (v) scalability challenges.

Illicit Activity

While criminal activity is reportedly falling across the cryptocurrency space, it has been growing in DeFi. In fact, funds stolen in hacks of centralized exchanges (such as the KuCoin exchange) often find their way into DeFi. In its latest Crypto Crime Report, Chainalysis says, “we expect cybercriminal use of DeFi for money laundering to increase in 2021.” The latest report by CipherTrace shows that DeFi has now accounted for the vast majority of hacks in 2021. You can also check out the Rekt leader board for the latest high-profile exploits ( All of these activities will understandably capture the attention of regulators, especially since there is no KYC in DeFi. Of note, many of the crypto industry cheered the crackdown against the Russian exchange Suex, known for facilitating funds from ransomware and cyber-attacks.

DeFi-related hacks total $361 million, three-quarters of the total hack volume in 2021 — a 2.7x increase from 2020.

Darwinian Sandbox

Many outside observers mistakenly assume that all digital assets are like Bitcoin, a type of speculative digital gold with no utility or associated income stream. This could not be further from the truth. In fact, it’s not even true for Bitcoin, which can earn interest and can be used as collateral. DeFi protocols are continuously experimenting with new ways to create value for token holders. While many of these are can be scams, there plenty of honest attempts to compete by improving functionality, usability, security, or sound “tokenomics.” Tokens of some protocols, like Compound (COMP) and Balance (BAL), are almost entirely about voting rights in their governance system (including control of the treasury funds). AAVE tokens can be deposited in the protocol’s Safety Module, where they earn interest in exchange for serving as a backstop for a liquidity shortfall event. Tokens of many projects in the Binance Smart Chain, such as PancakeSwap (CAKE) and Beefy Finance (BIFI), look a lot more like equity, rewarding holders with dividends generated from protocol activities and/or conducting buybacks (i.e., reducing supply via burns). Protocols with strong teams and sustainable tokenomics prevail, while others quickly perish.

More recently, far more ambitious experiments are underway in arts, music, social media, and online gaming. In fact, the protocol with highest-grossing revenue at the time of writing is the Ethereum-based game Axie Infinity. The recent NFT craze is another example where developers are experimenting with fractional ownership of art or staking mechanisms. We hope to discuss these in future reports, but for now, the takeaway is that many of the new emerging economies and micro-economies are intrinsically linked to, and enabled by, DeFi.

Conclusion: The Stakes are High

Greater regulation for exchanges and major stable coins seems inevitable, and probably a long-term positive for the industry. It could be the key to unlock a Tsunami of capital looking to invest in digital assets, blockchain, and the emerging Metaverse (games, arts, social media, etc). Indeed, some of the loudest complaints from the space are less about being regulated and more about lacking a clear regulatory framework and overall poor communication. For example, see the spat over Coinbase’s lending platform, epitomized by CEO Brian Armstrong’s tweets and blogpost about the SEC’s “sketchy behaviour.” BlockFi had a similar episode with state regulators.

Overregulation or poorly crafted measures risk disabling the rails that may take us to the next technological era. The narrative goes something like this. Web 1.0 was read-only, think blogs or Craigslist. Web 2.0 was read-interact, brought about by smartphones, social media, and cloud computing. Web 3.0, arguably where we are headed, is read-interact-own. It’s the view that distributed ledges and artificial intelligence will enable an open, transparent, and permission less virtual ecosystem. Perhaps even a whole new social contract.

On the other hand, lack of pre-emptive action could lead to a build-up of systemic risks and suboptimal outcomes. It’s easy to say this in hindsight, but the current backlash against big tech suggests there was a lot that regulators could have done differently in areas ranging from taxation to user data protection. The same could be said about the great financial crisis and the build-up of financial risks.

Can we agree to meet somewhere in the middle?

Brown Brothers Harriman & Co. (“BBH”) may be used as a generic term to reference the company as a whole and/or its various subsidiaries generally. This material and any products or services may be issued or provided in multiple jurisdictions by duly authorized and regulated subsidiaries.This material is for general information and reference purposes only and does not constitute legal, tax or investment advice and is not intended as an offer to sell, or a solicitation to buy securities, services or investment products. Any reference to tax matters is not intended to be used, and may not be used, for purposes of avoiding penalties under the U.S. Internal Revenue Code, or other applicable tax regimes, or for promotion, marketing or recommendation to third parties. All information has been obtained from sources believed to be reliable, but accuracy is not guaranteed, and reliance should not be placed on the information presented. This material may not be reproduced, copied or transmitted, or any of the content disclosed to third parties, without the permission of BBH. All trademarks and service marks included are the property of BBH or their respective owners.© Brown Brothers Harriman & Co. 2021. All rights reserved.

This browser is not fully supported by our public website and may not display or function as expected for this reason. Please note, the Infuse Portal and BBH client applications fully support the IE 11 browser.

Important Information for Non-U.S. Residents

You are required to read the following important information, which, in conjunction with the Terms and Conditions, governs your use of this website. Your use of this website and its contents constitute your acceptance of this information and those Terms and Conditions. If you do not agree with this information and the Terms and Conditions, you should immediately cease use of this website. The contents of this website have not been prepared for the benefit of investors outside of the United States. This website is not intended as a solicitation of the purchase or sale of any security or other financial instrument or any investment management services for any investor who resides in a jurisdiction other than the United States1. As a general matter, Brown Brothers Harriman & Co. and its subsidiaries (“BBH”) is not licensed or registered to solicit prospective investors and offer investment advisory services in jurisdictions outside of the United States. The information on this website is not intended to be distributed to, directed at or used by any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation. Persons in respect of whom such prohibitions apply must not access the website.  Under certain circumstances, BBH may provide services to investors located outside of the United States in accordance with applicable law. The conditions under which such services may be provided will be analyzed on a case-by-case basis by BBH. BBH will only accept investors from such jurisdictions or countries where it has made a determination that such an arrangement or relationship is permissible under the laws of that jurisdiction or country. The existence of this website is not intended to be a substitute for the type of analysis described above and is not intended as a solicitation of or recommendation to any prospective investor, including those located outside of the United States. Certain BBH products or services may not be available in certain jurisdictions. By choosing to access this website from any location other than the United States, you accept full responsibility for compliance with all local laws. The website contains content that has been obtained from sources that BBH believes to be reliable as of the date presented; however, BBH cannot guarantee the accuracy of such content, assure its completeness, or warrant that such information will not be changed. The content contained herein is current as of the date of issuance and is subject to change without notice. The website’s content does not constitute investment advice and should not be used as the basis for any investment decision. There is no guarantee that any investment objectives, expectations, targets described in this website or the  performance or profitability of any investment will be achieved. You understand that investing in securities and other financial instruments involves risks that may affect the value of the securities and may result in losses, including the potential loss of the principal invested, and you assume and are able to bear all such risks.  In no event shall BBH or any other affiliated party be liable for any direct, incidental, special, consequential, indirect, lost profits, loss of business or data, or punitive damages arising out of your use of this website. By clicking accept, you confirm that you accept  to the above Important Information along with Terms and Conditions.

1BBH sponsors UCITS Funds registered in Luxembourg, in certain jurisdictions. For information on those funds, please see

captcha image

Type in the word seen on the picture

I am a current investor in another jurisdiction