We are approaching a major regulatory inflection point for digital assets in general, and decentralized finance (DeFi) may end up being the ultimate battleground. The push to regulate exchanges is nothing new, nor is the increased scrutiny on the space. What seems to be changing in the U.S. is the broadening of regulatory scope – or perhaps a reweighting of focus towards DeFi, stablecoins, and even Proof of Stake (PoS) assets.

For a bit of background, both SEC Chair Gary Gensler and Acting Comptroller of the Currency Michael Hsu have made several commented on digital assets recently. Here are our high-level takeaways: (1) The SEC looks ready to debate which assets will be classified as securities. (2) The push for exchanges to register will intensify. (3) Stablecoins are concerning, seen as “casino chips,” evoking comparisons to the 2008 financial crisis. (4) Lending practices (centralized and DeFi) are moving to the frontline. And (5) lending might be conflated staking, a big concern for Proof-of-Stake assets, including Ethereum.

The bottom line is that we see the potential for two diametric outcomes, both of which undesirable, but many possible shades in between.

• Overregulation: impairing the rails that may be necessary to take us to the next technological era, and the inevitable economic and social transition deeper into to digital realm.
  
• Underregulation: lack of pre-emptive action leading to a build-up of systemic risks and suboptimal outcomes for users and governments that will prove hard to undo, like the early days of the Internet.

In the end, DeFi may prove the ultimate regulatory battleground, especially when central bank digital currencies come in play. DeFi is a mechanism for resource allocation through the usual channels, including trading, money markets, and insurance, amounting to some $80 bln of locked value. It’s probably the sector farthest away from regulatory purview, yet it might have the greatest overlap with traditional financial services – sometimes even called a shadow banking system. With spreads and yields magnitudes larger than conventional markets, and easy cross-border mobility, it’s easy to imagine how it could one day impact monetary policy transmission. It’s also no surprise that regulators and many of us in financial services may feel both drawn to it and threatened by it at the same time.

DeFi has a unique set of risks and disruptive potential that differentiates it from both the traditional financial industry or a shadow banking system. Here’s a summary of what we think are the main reasons why:

(1) DeFi replaces credit risk with smart contract risk.

(2) Lack of credit risk, widespread over-collateralization, and other safety mechanisms significantly reduces contagion and systemic risks in DeFi, perhaps rendering protocols anti-fragile.

(3) Like FinTech, DeFi is both complementary and in direct competition with the traditional financial system.

(4) Illicit activities in the digital assets space seems to be declining, but proportionately more of it is happening in DeFi.

(5) DeFi is a Darwinian sandbox for battle-testing the ideas that could shape the economic model, governance, and property rights of a future digitally native society. Failing to get the incentives right could mean long-lasting suboptimal outcomes, as was arguably the case for the Internet.
 

DeFi vs. Credit Risk

DeFi replaces credit risk with smart contract risk for both investors and protocols.

Credit risk is a part of every financial market transaction, from mortgages to CME corn futures and even Evergrade bonds. But your credit record is irrelevant in DeFi. If you want to take a loan from AAVE, Venus, or Benqi, your borrowing power is determined entirely by the value of the collateral you put in. If it falls beyond the threshold, and the smart contract functions as it should, your position is automatically liquidated and a 5% penalty (AAVE) taken from your collateral. There is no recourse, no one to call and plead to keep you in the trade.

DeFi protocols can’t (in theory) steal investor’s money. If you deposit Bitcoins in an exchange such as Binance, you implicitly take Binance counterparty/credit risk. In contrast, DeFi is “non-custodial,” meaning that users control their private key (for the better or worse). And the code of reputable DeFi projects is open source, so investors have full transparency about what smart contracts can and cannot do with the funds. The code is usually subject to “timelock”, meaning it cannot be changed without warning and a waiting period). It is also audited by companies such as CertiK, which publish rating reports akin to Moody’s or S&P Ratings, but focusing on the viability, robustness, and sanctity of the code.

But there are plenty of ways to lose money in DeFi, most of which stemming from smart contract risk, and illicit activity is rising in space. The most obvious case is hacking. Another (and perhaps more common) exploit in DeFi are flash loans, which borrow large sums to manipulate market pricing in liquidity pools. And, of course, there are countless scams – affectionately called “rug pulls” – in which developers of new and unaudited protocols exploit users. (More on this below).

Overcollateralization and Systemic Risks

The absence of credit risk means that lending in DeFi is usually overcollateralized, greatly reducing systemic. For example, ETH deposited in AAVE has a maximum LTV of 0.80 – you can borrow 0.8 ETH for every 1 ETH you deposit. In addition, many major protocols have backstop funds for disorderly liquidation risk, such as AAVE’s Safety Module. There are several DeFi margin trading platforms where you can get far greater leverage (DYdX gives you 5x, for example). Still, they represent a smaller segment of borrow in DeFi and provide far less leverage than centralized exchanges.

DeFi protocols appear to be antifragile. We often get asked how DeFi – without regulation or mandatory capital requirements – fared during recent crashes and disorderly market conditions. The answer seems to be very well. In May of this year, ETH fell some 60% in 11 days, but no major Decentralized Exchange (DEX) or DeFi lending protocols reported any problem to the best of our knowledge. According to Glassnode data, over $350 mln in leverage was liquidated across Compound and AAVE. On the crucial May 19 crash when ETH fell 30%, DEXs handled a record of around $12 bln in trading volume, half of which was in Uniswap. Also, all major stable coins (USDC, USDT, DAI…) maintained their peg during the period, fluctuating only between $0.99 and $1.02. (Note, however, that DAI deviated by a lot more during the March 2021 crash, to $1.12).

Meanwhile… major centralized exchanges such as Binance, Kraken, and Gemini had lots of trouble during the crash. These exchanges reported “intermittent downtime,” “connectivity issues,” and other euphemisms for not being able to cope with the surge in flow and volatility. During several points in the crisis, many investors were only able to execute trades in DeFi, which arguably emerged stronger as a result.

Complementary and Threatening

There is a lot to admire in how DeFi protocol developers have leveraged the benefits of blockchains. DeFi not only does away with financial intermediaries handling credit risk, but it’s also an automated, 24/7 full suite back office that usually takes seconds to execute. All of processing, clearing, and settlement happens simultaneously through smart contracts. No humans are involved aside from the developers who maintain and upgrade the code. The table provides a good breakdown of the differences between DeFi and traditional finance, taken from Chris McCanna’s DeFi Infrastructure 101.

DeFi has several important shortcomings in comparison to traditional financial services, or centralized exchanges such as Coinbase. As mentioned, you can’t do much without collateral, so many retail-facing functions of capital markets such as mortgages and student loans are beyond the scope of DeFi (for now). DeFi is not user-friendly and few platforms include functional customer service. DeFi front-end portals can be complicated to use and often depend on integration tools such as Metamask. Likewise, users must grasp complex concepts such as liquidity pools and impermanent loss. Smaller investors in DeFi can become victims of predatory trading practices, such as frontrunning by trading bots (though this is not unheard of in traditional markets either). Lastly, traditional financial institutions have competitive custom support, and can access government programs like FDIC deposit guarantees or socially desirable lending schemes for disadvantaged groups. 

Nic Carter and Linda Jeng provide a deeper look into other elements of this discussion in DeFi Protocol Risks: the Paradox of DeFi. They group the risks into: (i) interconnections with the traditional financial system, (ii) operational risks stemming from underlying blockchains, (iii) smart contract-based vulnerabilities, (iv) other governance and regulatory risks, and (v) scalability challenges.

Illicit Activity

While criminal activity is reportedly falling across the cryptocurrency space, it has been growing in DeFi. In fact, funds stolen in hacks of centralized exchanges (such as the KuCoin exchange) often find their way into DeFi. In its latest Crypto Crime Report, Chainalysis says, “we expect cybercriminal use of DeFi for money laundering to increase in 2021.” The latest report by CipherTrace shows that DeFi has now accounted for the vast majority of hacks in 2021. You can also check out the Rekt leader board for the latest high-profile exploits (https://rekt.news/leaderboard/). All of these activities will understandably capture the attention of regulators, especially since there is no KYC in DeFi. Of note, many of the crypto industry cheered the crackdown against the Russian exchange Suex, known for facilitating funds from ransomware and cyber-attacks.
 

Darwinian Sandbox

Many outside observers mistakenly assume that all digital assets are like Bitcoin, a type of speculative digital gold with no utility or associated income stream. This could not be further from the truth. In fact, it’s not even true for Bitcoin, which can earn interest and can be used as collateral. DeFi protocols are continuously experimenting with new ways to create value for token holders. While many of these are can be scams, there plenty of honest attempts to compete by improving functionality, usability, security, or sound “tokenomics.” Tokens of some protocols, like Compound (COMP) and Balance (BAL), are almost entirely about voting rights in their governance system (including control of the treasury funds). AAVE tokens can be deposited in the protocol’s Safety Module, where they earn interest in exchange for serving as a backstop for a liquidity shortfall event. Tokens of many projects in the Binance Smart Chain, such as PancakeSwap (CAKE) and Beefy Finance (BIFI), look a lot more like equity, rewarding holders with dividends generated from protocol activities and/or conducting buybacks (i.e., reducing supply via burns). Protocols with strong teams and sustainable tokenomics prevail, while others quickly perish.

More recently, far more ambitious experiments are underway in arts, music, social media, and online gaming. In fact, the protocol with highest-grossing revenue at the time of writing is the Ethereum-based game Axie Infinity. The recent NFT craze is another example where developers are experimenting with fractional ownership of art or staking mechanisms. We hope to discuss these in future reports, but for now, the takeaway is that many of the new emerging economies and micro-economies are intrinsically linked to, and enabled by, DeFi.

Conclusion: The Stakes are High

Greater regulation for exchanges and major stable coins seems inevitable, and probably a long-term positive for the industry. It could be the key to unlock a Tsunami of capital looking to invest in digital assets, blockchain, and the emerging Metaverse (games, arts, social media, etc). Indeed, some of the loudest complaints from the space are less about being regulated and more about lacking a clear regulatory framework and overall poor communication. For example, see the spat over Coinbase’s lending platform, epitomized by CEO Brian Armstrong’s tweets and blogpost about the SEC’s “sketchy behaviour.” BlockFi had a similar episode with state regulators.

Overregulation or poorly crafted measures risk disabling the rails that may take us to the next technological era. The narrative goes something like this. Web 1.0 was read-only, think blogs or Craigslist. Web 2.0 was read-interact, brought about by smartphones, social media, and cloud computing. Web 3.0, arguably where we are headed, is read-interact-own. It’s the view that distributed ledges and artificial intelligence will enable an open, transparent, and permission less virtual ecosystem. Perhaps even a whole new social contract.

On the other hand, lack of pre-emptive action could lead to a build-up of systemic risks and suboptimal outcomes. It’s easy to say this in hindsight, but the current backlash against big tech suggests there was a lot that regulators could have done differently in areas ranging from taxation to user data protection. The same could be said about the great financial crisis and the build-up of financial risks.

Can we agree to meet somewhere in the middle?