DeFi sector risks: why financial market regulators don’t trust decentralized finance

DeFi Decentralized Finance is one of the fastest-growing sectors of the crypto economy. According to the DeFi lama resource, this sector’s total value locked (TVL) exceeded $205 billion in April 2022. Of course, such a growing market cannot but worry traditional financial institutions, so there is more and more talk about the need for government control and regulation of DeFi.

This spring, several financial organizations published their reports about the decentralized finance sector, including the International Organization of Securities Commissions, IOSCO, and the consulting company PWC. These papers primarily describe the risks of DeFi and the potential for its regulation.

The decentralized finance sector is young, therefore, like any developing system, it has problems that have yet to be solved. Regulators of the financial services market highlight several risks that DeFi has – scammers, technical failures in blockchain, lack of proper audit of smart contracts, fake decentralization, and others.

However, after reviewing the report, our analysts concluded that most of the DeFi problems that concern regulators are also inherent in the traditional financial system. For example, the number of users deceived by classic financial institutions related to manipulation and confusing terms of contracts, is just as high, despite the regulation of these areas.

Experts highlight the technological risks associated with the complexity of blockchain networks. DeFi protocols do depend on the blockchains they are built on and can experience bugs and network congestion issues that slow down transactions, making them more costly or sometimes impossible. Yes, failures can happen in blockchains, but they do not always lead to lost funds.

Other concerns are related to smart contracts. On the one hand, open access to smart contract code can facilitate financial innovation, on the other hand, there are no technological restrictions for developers, or licensing qualifications that determine who can deploy, manage and interact with smart contracts. Therefore, it is possible to create contracts with vulnerabilities that expose DeFi users to fraud, theft, and other risks, the IOSCO report writes.

Yes, there are indeed projects that have not audited their smart contracts, which can and should be an alarming sign for users. Most DeFi services, on the contrary, aim to undergo an audit procedure to show their probity to the community. There are audit companies, such as CertiK, which, although not licensed because such a license still does not exist, have a proper reputation in the market.

Another issue for IOSCO experts is the decentralization of several projects. Indeed, even though some applications claim to be decentralized, there are DeFi protocols that de facto govern the project. In these cases, there are some unique risks associated with the ownership of administrative keys and the operation of governance structures.

For example, in cases where the administrative key is assigned to one company or individual who can change a smart contract or protocol. When the owner of an administrative key has unilateral control over user funds stored in a smart contract or protocol, there are many risks, from the possibility of losing the key to cybersecurity issues, such as extortion threats or hacking by third parties. Unfortunately, these problems exist and DeFi developers have yet to find a solution to them.

The growth of DeFi projects and the likely risks for potential users and investors are prompting government institutions to start the conversation about the need to regulate this market. However, the nature of DeFi service protocols makes regulation, if not impossible, then very problematic. To date, no state has come close to resolving this issue.

Most crypto experts are inclined to believe that authorities first need to deal with the regulation of the cryptocurrency ecosystem as a whole. As for DeFi, it seems to us that the probable way is not so much regulation as a proposal for cooperation. Existing and future DeFi services should take into account the experience of traditional finance to improve their products and services and solve the problems of cybersecurity, business openness, and transparency.

Most DeFi developers are ready for this – for example, in June 2021, IOSCO organized an event attended by representatives of major regulators and DeFi projects such as the decentralized exchange Uniswap. The organization has also created a DeFi working group led by the US Securities and Exchange Commission. SEC Commissioner Caroline Crenshaw said that the organization does not see a threat in DeFi, but sees a certain challenge and opportunity to rethink the entire traditional financial system. If this position continues, it can be assumed that such cooperation will make DeFi a convenient, safe, and mainstream tool for everyone. We will be following developments.