What’s New in the CFTC’s DeFi Report Is Welcome, and What’s Unwelcome Is Not New
For years, US regulators’ approach to crypto has been, frankly, unhinged.
The Securities and Exchange Commission (SEC), for example, has treated regulating crypto as beneath the agency’s dignity—effectively imposing de facto bans on US crypto activity by refusing to tailor old rules to new tools. Indeed, pushing crypto out of the US may even have been seen as a benefit.
Against this backdrop, a recent report on decentralized finance (DeFi) by the Commodity Futures Trading Commission’s (CFTC) Technology Advisory Committee (TAC) was refreshingly sane.
That the report proposes undertaking normal regulatory process vis‐à‐vis crypto—accounting for both risks and benefits when evaluating policy, for instance—is commendable in the current climate of shoot‐from‐the‐hip enforcement actions against DeFi projects.
Yet, paradoxically, the TAC DeFi report’s very normality is both its great strength and a source of some weaknesses. Specifically, the report reveals the shortcomings of the standard‐issue financial regulatory playbook, in particular the assumption that financial regulators have both the mandate and capacity to achieve desired outcomes regarding nearly every problem under the sun—financial and non‐financial alike.
At its best, the report recognizes tradeoffs and is wisely humble about regulators’ ability to optimize. At its worst, the report sees regulation as a uniquely capable tool for achieving optimal outcomes in DeFi and beyond.
The report deserves credit for getting many important things right. It recognizes that DeFi does indeed have use cases (e.g., decentralized crypto asset exchanges, decentralized governance, lending and credit, cross‐border payments, and parametric insurance). It also warns—as we’ve long argued—that pushing DeFi offshore or pretending it will go away risks “longer‐term erosion of US economic power and influence.”
Moreover, the report accepts that decentralization is a real phenomenon, can be relevant at multiple levels of the “technology stack” (e.g., the protocol, network, and application), exists on a spectrum (with some projects displaying greater decentralization than others), and offers potential benefits (e.g., reducing single points of failure, removing barriers to access, and promoting competition).
Yet, the report also overreaches at times. This isn’t a problem with the report itself so much as the financial regulatory framework within which it’s working. Invoking finance‐specific regulatory objectives, including consumer protection and market integrity, is understandable, but the report also considers non‐financial societal issues, including climate policy and nebulous notions of “equity” (not the securities kind), to be within financial regulators’ portfolios. (Heck, why not pursue DeFi rules for immanentizing the eschaton while you’re at it?)
Even the finance‐related objectives that the report imports from existing regulatory priorities can contain the seeds of overreach. For example, the oft‐cited financial policy objective of maintaining financial stability has tended to be a historic white whale in traditional finance, with the ill‐defined term conferring broad discretion on regulators and risking increased moral hazard. At the very least, regulators should not require DeFi to demonstrate greater stability than the traditional financial system under the same circumstances.
When it comes to the core issue of DeFi itself—decentralization—the report is occasionally tempted by the hubris of the regulator as social optimizer. On the one hand, the report aptly recognizes that decentralization is a concept replete with tradeoffs. For example, “immutability” presents both cybersecurity opportunities—mitigating the risk of faithlessly reversed transactions—and challenges—potentially complicating software upgrades to patch vulnerabilities. Yet when it comes to navigating such tradeoffs, the report suggests that regulators might find a way to have our cake and eat it too:
[I]t may be possible for policymakers to determine the optimal nature, level, and location of decentralization, making it possible for them to design regulatory interventions designed to influence or dictate the structure of DeFi projects, enterprises, and ecosystems.
Reasonable readers might disagree as to whether optimal here means within the constraints of tradeoffs or something loftier. Either way, regulators’ ability to identify that optimum is, at the very least, questionable.
But there also are other, welcome areas where the text is clear about the limits of regulatory capacity. For example, the report articulates well the issues of unintended consequences and regulators’ knowledge problem:
[P]olicymakers will often not possess all of the relevant information needed to conduct complete or accurate risk assessments. Nor do they possess a crystal ball that would enable them to predict how a particular market, institution, industry, or technology will evolve over time, or the consequences stemming from the introduction of a given mitigation mechanism.
The same goes for the problem of onerous and counterproductive regulation: “poorly targeted or overly burdensome regulation poses risk to US competitiveness and innovation, along with its leadership in the realms of both finance and technology.” And lastly, the report appropriately recognizes that rules should be drawn such that compliance should be feasible, with interventions “grounded in a practical reality.”
Ultimately, the report’s impact will hinge on which parts regulators emphasize. Given a history of enforcement‐first DeFi policy that ignores novel questions and risks “banishing innovation from US shores”—as CFTC Commissioner Summer K. Mersinger put it—regulators would do well to take away from the report an understanding of the pitfalls of pushing away technological advances, the importance of regular policy process that considers benefits and risks alike, and the limits of regulators’ ability to perfect outcomes.