A letter from a16z to regulators: How should DeFi be properly regulated?
Author: Brian Quintenz, a16z
Compiled by: GaryMa, Wu Says Blockchain
Abstract
This article is a comment letter written by a16z for the Financial Stability Board (FSB) on the theme of "International Regulation of Crypto Asset Activities," mainly divided into three parts:
● Discussing the differences between DeFi and CeFi, and how an appropriate DeFi regulatory framework should involve regulating Web3 applications rather than Web3 protocols (regulating businesses, not software);
● Discussing the importance of privacy while still mitigating illegal financial risks;
● Warning against creating overly strict regulations, as such regulations may have the effect of prohibiting well-functioning and over-collateralized algorithmic stablecoins. We suggest that collateral requirements can mitigate risks.
The Financial Stability Board (FSB) was established in April 2009 as a specialized international organization responsible for overseeing and advising on the global financial system. As the successor to the Financial Stability Forum established at the 2009 G20 London Summit, its members naturally include central banks, finance ministries, and financial regulatory agencies from over 20 countries, as well as major international financial institutions and various specialized committees.
Decentralized Finance (DeFi)
Differences Between CeFi and DeFi
Many people confuse "crypto CeFi" with DeFi, as both are means for customers and users to participate in the crypto market. However, CeFi and DeFi operate fundamentally differently, and it is precisely because of their unique characteristics that we believe they each require different regulatory frameworks.
First, CeFi institutions, as the name suggests, operate in a "centralized" manner, with a complete management team and conflicts of interest, where users interact with third-party intermediaries to enter the crypto market. The intermediaries are typically traditional private enterprises, and users are customers of these enterprises, with decisions about how to operate the business made behind closed doors. On the other hand, DeFi consists of software protocols that provide a wide range of non-intermediated financial products and services. These software protocols are typically composed of a collection of smart contracts deployed on decentralized blockchains. Users can interact directly with these protocols without intermediaries, trading financial products in peer-to-peer transactions, and the rules governing DeFi protocols are written in computer code and executed through computer code. This is particularly important in jurisdictions with weak financial regulation or where trust in political, financial, or both types of institutions is compromised. It also has benefits in mitigating financial contagion risks, as transparent transactions and on-chain risk exposures reduce the likelihood of opaque leveraged positions and strengthen risk management through more transparent levels of interconnectedness.
Because DeFi relies on code rather than intermediaries, DeFi protocols are highly transparent. Generally, anyone can inspect and audit public blockchain ledgers, and many DeFi protocols are built on these public blockchains, which reflect the smart contracts governing the operation of the protocols and record the price and quantity of each transaction input on a given platform. For example, a popular DeFi lending protocol, Compound, has a transparent, immutable, and publicly auditable ledger of all historical transactions. Importantly, this information is nearly real-time. In contrast, CeFi intermediaries are opaque, so the public can only obtain the information they need on a limited, sporadic, and retrospective basis. Given the transparency of DeFi systems using open-source code and on-chain tracking, it is relatively easy for regulators and users to monitor them, while CeFi intermediaries cannot do so. So far, DeFi protocols have shown significant resilience to market pressures, especially compared to CeFi intermediaries. In recent months of market volatility, large-scale bankruptcies in the crypto market have concentrated on CeFi institutions like Celsius Network and Voyager Digital, while truly decentralized DeFi protocols like Compound and Uniswap have continued to operate normally. This relative success is both a function of the integrity of DeFi protocol smart contracts and a function of transparency. Given these advantages, we believe the DeFi ecosystem will continue to grow in usage, utility, and complexity in the coming years.
Regulatory Framework for DeFi: Regulating Applications, Not Protocols
As mentioned above, we believe that an appropriate regulatory framework tailored for DeFi involves regulating the entry points of centralized/business-owned applications or protocols, rather than the protocols or software themselves. As discussed below, this distinction between business-owned applications and protocols is crucial.
DeFi Protocols
DeFi protocols are software programs composed of smart contracts that provide functionality for peer-to-peer lending and other financial transactions. The protocols are hosted on blockchains or integrated into blockchains like Ethereum, and they are open-source, decentralized, autonomous, and censorship-resistant. Among these characteristics, decentralization and censorship-resistance have particular regulatory and political significance. Decentralization is a broad term that refers to multiple aspects of blockchains, including political/legal decentralization (as no one controls the public blockchain) and architectural decentralization (as there is no central point of failure).
● As many regulators have pointed out, decentralization is a spectrum, and some web3 businesses start centralized and transition to decentralized models. We suggest that there exists a "sufficiently" decentralized web3 entity where (i) information about its operations is transparent and available to all (achieved through transparent blockchain ledgers), (ii) there is no need (or even possibility) for necessary management efforts to drive the success or failure of the business (achieved through immutable smart contracts, decentralized economics, and DAOs).
● Censorship-resistance is also a broad term that describes the ability for almost anyone to use the public blockchain and the fact that no one can be kicked off the public blockchain. It also describes the fact that no one on the blockchain can be powerful enough to independently prevent transactions or stop others who wish to verify blockchain transactions from joining the consensus network.
Since no one controls the protocol, the protocol cannot contain subjective decisions that traditional financial regulations sometimes require, and therefore, they cannot comply with or understand specific judicial requirements. For example, product classifications such as securities, commodities, and various derivatives differ between jurisdictions and can be highly subjective between countries. Globally accessible software cannot apply factual and contextual tests, nor can it contain inconsistencies in its programming. Furthermore, regardless of any changes in laws or regulations, DeFi protocols (like the Uniswap protocol) will run permanently as initially constructed once deployed, as their design parameters typically severely limit functional updates. If the web3 community votes to support an update to a DeFi protocol or to launch a new version of the protocol, the applications that provided users access to the earlier version will update their codebases to point to the new version of the smart contracts.
DeFi Applications
DeFi applications are products built on DeFi protocols that allow users to access these protocols. Importantly, they often add on-chain or off-chain order databases, as well as graphical user interfaces (GUIs) or APIs, or both. Unlike the protocol layer, the businesses and developers of web3 applications do not have the same constraints regarding subjective decisions. They can comply with different judicial regulations and design flexible access points to minimize legal and regulatory risks.
Traditional CeFi Regulations Should Not Apply to DeFi
Regulations designed for CeFi should not apply to DeFi, as they do not adapt well to the differences between the two types of products and services. In the CeFi space, many regulations aim to eliminate the risks of trusting financial intermediaries. The goal is to reduce the potential for conflicts of interest or direct fraud that may occur in situations where one must entrust their money or assets to another person. In the world of DeFi, traditional financial services are disintermediated, with no trusted intermediaries. Therefore, in DeFi, the decentralization, transparency, and trustworthiness achieved through blockchain technology eliminate many of the risks that CeFi regulations primarily aim to address. As a result, DeFi can isolate users from many of the old fiduciary abuses prevalent in CeFi and does a better job than any "self-regulatory" or "public regulatory" regime in CeFi. Thus, it is illogical to broadly apply CeFi regulations to decentralized web3 applications that do not provide similar intermediary services. Furthermore, any regulatory intervention would be counterproductive, as it would hinder DeFi's inherent ability to achieve the very reasonable policy goals that many financial regulations pursue, such as transparency, auditability, traceability, responsible risk management, and so on. Imagine the value destruction that would occur if the SMTP email protocol were forced to comply with various judicial systems (from free speech law enforcement to GDPR data privacy laws). However, applications that access SMTP for mutual communication, such as Gmail, can comply: they can adhere to various regulatory requirements or respond to regulatory information requests. Traditional regulation at the protocol level is unworkable.
An Appropriate Regulatory Framework is Crucial to Ensure the Benefits of DeFi
We also believe that the principle of regulating applications rather than protocols is crucial to ensuring the transparency and credibility of DeFi in the international financial system. As mentioned above, since DeFi applications run on blockchain technology, they are open and accessible to anyone around the world, creating unprecedented opportunities for access to financial services. Since January 2020, the number of DeFi users has surged from about 91,000 to nearly 5 million, with the benefits of DeFi being most evident in emerging markets where trust in political authorities and financial institutions may be compromised. Latin American countries are leading the world in adopting DeFi, particularly in areas where credit facilities are scarce. DeFi has also made progress in African countries such as Nigeria and Kenya.
Adopting a regulatory framework that captures the software infrastructure driving the web3 ecosystem, rather than the applications operating as interface points, could jeopardize the benefits of DeFi for millions and push protocol developers toward jurisdictions with particularly lax regulatory frameworks. If regulators were to impose subjective and potentially globally conflicting regulations on web3 protocols, such as what may or may not be securities, commodities, or their derivatives, then decentralization would be untenable, undermining the features that make DeFi protocols functional and useful. We believe that international officials and regulators can most effectively address this challenge by promoting the responsible development of the DeFi industry, particularly by establishing a clear and feasible legal framework based on regulating DeFi applications.
Privacy and Mitigating Illegal Financial and National Security Risks
Establishing a clear and consistent global regulatory framework to enhance financial integrity and combat money laundering and terrorist financing is crucial for the maturation of the digital asset industry. We know that such a framework will be most successful if the public and private sectors actively collaborate and share information in real-time to reduce the risks of money laundering, terrorist financing, and other illegal activities.
We appreciate the Financial Action Task Force (FATF) for its recommendations and guidance on anti-money laundering (AML) and combating the financing of terrorism (CFT) in the digital asset space. As the sector continues to innovate, the FATF should continue to consult with the private sector, and its members should engage in practical trials of technologies to develop policies that most effectively achieve necessary goals while avoiding overly broad or unintended consequences. Additionally, local regulators should engage similarly with the digital asset industry when implementing FATF's virtual asset standards. In the United States, many cryptocurrency businesses are protected under the Bank Secrecy Act, and these protected entities have successfully benefited from traditional financial institutions' "anti-money laundering" programs while also developing additional elements that reflect the unique circumstances of cryptocurrency. Furthermore, the Financial Crimes Enforcement Network (FinCEN) in the U.S. works closely with cryptocurrency service providers to leverage its advanced information and threat detection capabilities. However, where applicable, "Know Your Customer" (KYC) rules should be fit for purpose, utilizing the technological capabilities of blockchain. KYC processes that collect the minimum amount of identifiable user data should be encouraged, and experimentation with technology and processes should be facilitated through exception relief and regulatory sandboxes. This flexible approach can promote the development of crypto-native tools that effectively combat illegal finance by leveraging blockchain technology and transparency.
While the entities involved have these important compliance obligations, privacy is a fundamental human right and a social good. Privacy-preserving technologies allow for data computation and targeted analysis while keeping the information encrypted from the individuals executing the computations and from malicious actors who may attempt to steal or compromise it. Zero-knowledge proofs and configurable privacy blockchains are emerging forms of privacy-preserving technology that can balance individual privacy interests with broader public policy and societal needs, such as effective compliance, transparency, and security.
Governments should adopt laws and policies that allow for the development and use of privacy-preserving technologies while also making compliance with these technologies possible. For example, regulators could establish processes to assess novel mechanisms for creating and maintaining digital identity records, including the adoption of digital identity verification technologies that can combine decentralized blockchain technology with secure off-chain "data repositories." Additionally, zero-knowledge proof technology could be used for sanctions screening.
At the same time, governments themselves should respect individual privacy, and access to or use of personal data should only occur when necessary to achieve specific, narrow, and legitimate government objectives. For instance, the U.S. Treasury is considering collecting, verifying, and retaining the names and physical addresses of all counterparties for transactions exceeding $3,000 between cryptocurrency exchanges and non-custodial wallets, which raises serious privacy and security concerns. Moreover, these proposals could undermine law enforcement investigations, prosecutions, and asset recovery capabilities, as they would drive self-custody wallet users away from well-regulated, compliant exchanges and financial intermediaries to non-compliant or poorly regulated entities, thereby reducing the amount of valuable information available to law enforcement and national security agencies.
Finally, we recommend that the FSB clarify its statement in high-level recommendation 5 of the GSC report, which states that "authorities should ensure that GSC arrangements implement appropriate anti-money laundering/anti-terrorist financing measures consistent with FATF standards, including compliance with the FATF travel rule requirements," specifically considering whether GSC arrangements allow for peer-to-peer transactions through non-custodial wallets, applying only to those covered entities with travel rule obligations. Generally, non-custodial wallet providers, users, or non-VASP entities should not be targeted.
Algorithmic Stablecoins
The FSB's recommendations on stablecoins state that reserve assets should "at least equal" the amount of stablecoins issued by the issuer and consist solely of "conservative" assets, and stablecoins should not "derive" their value from algorithms, which would have negative unintended consequences for the blockchain ecosystem. More specifically, we are concerned that a framework based on this recommendation would effectively ban algorithmic stablecoins, where the best algorithmic stablecoins operate through over-collateralization of external collateral, while showing hostility toward web3 applications that rely on algorithmic development of products and services. While we wholeheartedly support regulation to prevent stablecoin issuers from taking unreasonable risks, we believe that lawmakers can protect users without such a broad ban. They can do this by establishing strictly tailored collateral requirements that allow for the development of secure software code while preventing overly risky projects.
Algorithms Are Not the Problem
Stablecoins are a type of cryptocurrency whose value is pegged to the value of external assets such as the U.S. dollar or gold. Stablecoins can maintain their peg through centralized custody of collateral and reserve assets or through the use of algorithmic liquidation mechanisms and a combination of collateral composed of different cryptocurrencies or other assets. Generally, lawmakers and regulators tend to focus on stablecoins that use algorithms, i.e., algorithmic stablecoins, as a risk area. However, this overly broad concern is largely misplaced, as it focuses on algorithms as an unstable source rather than the real issue of under-collateralization. Over the past year of significant market volatility, we now know that the vast majority of algorithmic stablecoin projects have performed very well, while a small number of poorly performing projects were severely under-collateralized, relying on collateral created by the issuer itself. Importantly, the relative safety of algorithmic stablecoins is precisely due to blockchain programmability, which creates certain key risk controls typical of traditional liquidation infrastructures, including collateral liquidation, protecting the safety and robustness of investors and protocols in a way that is far more transparent and efficient than manual processes.
An example of blockchain programmability involves stablecoins that require users to deposit ETH as collateral. These protocols require the value of the ETH collateral to be between 135% and 150% of the value of the stablecoins the user intends to mint ("collateralization ratio"). While these stablecoins are outstanding, if the price of ETH drops and the value of the user's collateral falls below the protocol's collateralization ratio, the user's collateral is automatically liquidated, and their ETH is sold to close out the stablecoins the user borrowed. All of this happens automatically and autonomously, ensuring that the protocol's collateral never falls below the value of the outstanding stablecoins.
Given the success of over-collateralized stablecoins during periods of severe volatility, this programmable safety mechanism should be praised rather than discouraged.
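The liquidation rule described above, sketched as an added example (it is not code from the letter or from any protocol the letter names). The `Vault` model, the 150% threshold taken from the stated range, the prices, and the single-step full liquidation without fees or auctions are assumptions; the second price path goes beyond the text to show what the rule leaves uncovered when the price gaps below the debt value between two checks.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumption: the text gives a 135%-150% range; this sketch uses 150%.
MIN_RATIO = Decimal("1.50")


@dataclass
class Vault:
    eth: Decimal   # ETH collateral locked by the user
    debt: Decimal  # stablecoins outstanding, each targeting 1 USD


def is_safe(vault, eth_price, min_ratio=MIN_RATIO):
    """True when collateral value covers the debt at the required ratio."""
    return vault.eth * eth_price >= vault.debt * min_ratio


def mint(vault, amount, eth_price):
    """Mint stablecoins only if the vault stays at or above MIN_RATIO."""
    candidate = Vault(vault.eth, vault.debt + amount)
    if not is_safe(candidate, eth_price):
        raise ValueError("mint would breach the collateralization ratio")
    vault.debt = candidate.debt


def liquidate_if_unsafe(vault, eth_price):
    """Sell just enough ETH to close the debt; report any uncovered remainder."""
    if vault.debt == 0 or is_safe(vault, eth_price):
        return None
    collateral_value = vault.eth * eth_price
    repaid = min(vault.debt, collateral_value)
    eth_sold = repaid / eth_price
    result = {
        "repaid": repaid,
        "eth_sold": eth_sold,
        "eth_returned": vault.eth - eth_sold,
        "shortfall": vault.debt - repaid,  # debt the collateral could not cover
    }
    vault.eth, vault.debt = result["eth_returned"], Decimal(0)
    return result


def run_price_path(vault, prices):
    """Check the vault at each observed price; stop at the first liquidation."""
    for step, price in enumerate(prices):
        outcome = liquidate_if_unsafe(vault, Decimal(price))
        if outcome is not None:
            return step, outcome
    return None, None


def demo():
    # Constructed scenario: 10 ETH at 2000 USD backs 13000 stablecoins (~154%).
    gradual = Vault(Decimal(10), Decimal(0))
    mint(gradual, Decimal(13000), Decimal(2000))
    gapped = Vault(Decimal(10), Decimal(13000))
    return {
        # Slow decline: liquidation fires at 1900 while collateral exceeds debt.
        "gradual": run_price_path(gradual, [2000, 1960, 1900]),
        # Gap between checks: collateral is already worth less than the debt.
        "gapped": run_price_path(gapped, [2000, 1200]),
    }


if __name__ == "__main__":
    for name, (step, outcome) in demo().items():
        print(name, step, outcome)
```

In the gradual path the debt is repaid in full and the remaining ETH goes back to the user; in the gapped path the `shortfall` field is non-zero, which is the quantity a risk review of collateral type and ratio needs to bound.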
Regulating Algorithmic Stablecoins
The FSB has a good opportunity to recommend an appropriately tailored regulatory framework for algorithmic stablecoins that recognizes the important role of algorithms and digital assets. However, the currently drafted recommendations almost explicitly require an effective ban on algorithmic stablecoins, as they generally require all stablecoins to be backed 1:1 by conservative and highly liquid assets, recommend restricting the use of cryptocurrencies as reserves, and state that stablecoins should not "derive value from algorithms."
More carefully tailored requirements would more effectively protect the blockchain ecosystem and users. The FSB should conduct a study analyzing the relative safety of over-collateralized stablecoins to assess which collateral and collateralization ratios may be sufficient to allow the continued use of such collateral. For example, a regulatory proposal could practically suggest that only digital assets with a market capitalization above a certain value could be used as collateral to ensure that bad actors cannot easily manipulate collateral assets. Additionally, collateralization rates above 125% have proven effective during recent volatility and are worth further exploration.
On the other hand, broadly banning algorithmic stablecoins could harm the international financial system. First, stablecoins, whether custodial or algorithmic, provide stability in countries where centralized monetary policy fails. As more countries face increasing inflationary pressures, we expect the use of stablecoins to rise. Furthermore, algorithms are not only important for the development of stablecoins; they are also key to other aspects of the blockchain ecosystem, including DeFi and other digital asset markets. If regulators view algorithms as an unstable source, web3 developers may perceive this as a threat to their projects and exit the market. With appropriate regulations, we can prevent this outcome.
In summary, our high-level principles regarding algorithmic stablecoins are:
● Banning algorithmic stablecoins blindly treats all algorithmic stablecoins as the same, when they are actually very different. The systemic risks posed by stablecoins are more a product of their collateral design than the use of algorithms. Banning all algorithmic stablecoins is like using a sledgehammer to crack a nut (i.e., being overly forceful and counterproductive).
● Banning algorithmic stablecoins will disrupt the current DeFi market and lead to significant customer losses. From the perspective of investor protection and software development, such bans are destructive and counterproductive, potentially causing billions of dollars in losses to the users that policymakers are trying to protect.
● Bans will have unforeseen negative impacts on the entire DeFi and broader web3 industry. The algorithmic mechanisms used by algorithmic stablecoin protocols are prevalent in DeFi and web3. The blockchain ecosystem may view a comprehensive ban on algorithmic stablecoins as an attack on these mechanisms, which could inadvertently hinder widespread web3 innovation.
● Bans will be extremely difficult to enforce. Various global jurisdictions that choose to implement FSB-approved bans will be unable to remove all algorithmic stablecoins from their markets, and thus the ban may encourage regulatory arbitrage, exposing users to greater harm.
● Bans will push innovation to jurisdictions with particularly lax regulatory frameworks and harm well-regulated large developed economies. Bans may accelerate the decline of market share for web3 developers in developed countries and hinder their ability to influence the development of web3 and the broader industry.
● Bans are unnecessary, as other restrictive measures would more effectively reduce systemic risks. Regulators could have utilized existing regulatory provisions to prevent most of the recent systemic harm, while new precise regulatory provisions could eliminate the risk of such systemic harm reoccurring without hindering innovation.
Conclusion
It is crucial for regulators and policy leaders to thoughtfully regulate blockchain technology, as it is rapidly becoming a key pillar of the financial system, and we greatly appreciate the opportunity to comment on these important matters. We view this comment letter as part of an ongoing dialogue between the public and private sectors and look forward to continuing engagement on these issues.