DeFi regulation has been a major bone of contention among regulatory watchdogs across the world. A recent paper, authored by Rebecca Rettig, Katja Gilman from Polygon Labs, and Michael Mosier from Arktouros, proposes a strategy to classify truly decentralized DeFi protocols as critical infrastructure.
This classification would place them under the oversight of the US Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP). Although the OCCIP isn’t a typical financial regulator, it plays a crucial role in strengthening the security and resilience of critical infrastructure in the financial services sector.
It collaborates with financial institutions, industry associations, and government agencies to exchange information about cybersecurity risks and weaknesses.
Classifying DeFi As ‘Critical Infrastructure’
The 45-page research suggests it is possible to set up safety measures to tackle the risks of illegal money activities in DeFi Systems. Instead of bringing in middlemen forcefully into real DeFi Systems, it’s comparable to not making phone companies have switchboard operators again to confirm who’s using each phone.
Rather, genuine DeFi should be seen as “critical infrastructure” and overseen by OCCIP, similar to how the authorities handle illegal finance risks in other tech systems in finance.
The report clarified that classifying genuine DeFi Systems as “critical infrastructure” under OCCIP doesn’t automatically label them as “financial institutions” regulated by the Bank Secrecy Act (BSA). OCCIP isn’t bound by BSA regulations and isn’t limited to working solely with financial institutions.
Additionally. classifying genuine DeFi Systems as “critical infrastructure” aligns with efforts proposed by both industry and regulators to establish regulatory measures for neutral software. According to the paper, these measures include implementing cybersecurity standards, setting up information sharing and analysis centers (ISACs), automating risk indicators, and using other tools to mitigate risks.
While some of these initiatives are already underway in the DeFi sector, such as cybersecurity frameworks and an ISAC, collaboration between industry and regulators facilitated by OCCIP would enhance the effectiveness of these efforts.
Unclear Regulations Pose Barriers to DeFi Expansion
DeFi has been a major grey area for regulators. While North America has been a big user of DeFi, its share of activity has dropped recently, mainly due to regulatory uncertainty in the US.
Earlier this year, the Commodity Futures Trading Commission (CFTC) highlighted a problem with DeFi systems: the lack of clear accountability, which some industry structures intentionally overlook. The agency pointed out various risks for investors and consumers, like fraud, market manipulation, conflicts of interest, data breaches, and privacy violations, mainly because people don’t understand DeFi well.
The CFTC suggested that policymakers need to understand DeFi better by figuring out what’s already known and what still needs exploring. They advised policymakers to use mapping exercises to see if the financial products and services offered by DeFi projects fall under existing US regulations.