Peer-to-peer trading, face to face, eye to eye — it’s the way deals had been done for millennia, before distance and lack of trust forced us to use go-betweens such as banks and brokers to transact.

Now decentralized finance (DeFi) has taken us back to an over-collateralized future. We can transact peer to peer not only remotely but also trustlessly by interacting with a smart contract. This innovation has set the foundation for a financial renaissance that goes far beyond just replacing intermediaries.

Until recently, regulators have largely ignored this emerging parallel financial system. But with former blockchain professor Gary Gensler as chair of the U.S. Securities and Exchange Commission, D.C. has woken up. The question is: How can authorities enforce regulations that don’t rely on the presence of intermediaries? And how will the regulation protect users and the market?

Decentralization > deterritorialization

DeFi protocols might appear out of regulatory reach. Copies of blockchain transaction history are stored in nodes all over the world, ready to reappear like the many-headed hydra if one should be compromised.

Yet history provides lessons of how regulators might think they can address DeFi.

Historically, regulators have only held purview over legal entities within their jurisdiction. This changed with the extraterritorial Foreign Account Tax Compliance Act (FATCA) of 2010, which saw U.S. authorities regulating beyond their currency and U.S. persons across the world and coordinating with other jurisdictions by signing intergovernmental agreements (IGAs) for enforcement.

The EU followed a similar approach with the General Data Protection Regulation (GDPR) in 2018, writing regulations from their ivory tower to control the data of Europeans wherever they are in the world — though it remains unclear how authorities can enforce against organizations outside the EU.

Looking ahead, we could see regulators rely on similar extraterritorial methods in an attempt to reach into cyberspace and enforce regulation in DeFi.

Choke points and on-ramps

Even with extraterritorial enforcement, however, regulators would still need to identify choke points that could be used to control otherwise decentralized protocols.

These points of centralization already appear to be on the radar of regulators. As Gensler remarked: DeFi can be a misnomer, with platforms often being “decentralized in some aspects but highly centralized in other aspects.”

Individual protocols with known developers, or those controlled by corporate token holders, might be pressured to get changes pushed to the protocol. And for protocols that are as decentralized as they claim — run by distributed anonymous communities — regulators could make interaction with the protocol illegal. Or, more likely perhaps, stymie the flow of funds by targeting on-ramps or marking certain protocols as toxic.

These on-ramps could be fiat-to-crypto exchanges or stablecoins that could be forced to incorporate due diligence and know-your-client procedures to ensure compliance with anti-money laundering and counter-terrorism (AML/CFT) efforts, etc. To be effective, these future controls will need to be built with DeFi in mind. This could see the sanction list published as a Chainlink lookup or a free API call from the Financial Action Task Force (FATF) or Organisation for Economic Co-operation and Development (OECD) directly.

At the same time, individual protocols seeking to integrate with the real economy are likely to make trade-offs that work in favor of regulators.

For example, Aave‘s know-your-client versions of liquidity pools are providing limited DeFi access to institutions by using on-ramps to KYC participants. They are able to mitigate risk by relying on organizations like Chainalysis to analyze blockchains for know-your-transaction (KYT), though this comes at the cost of depth of liquidity, and doesn’t grow the pie for all participants.

Other promising solutions include smart wrapping contracts that allow verified entities to deposit funds and automatically mint “fully compliant assets” that can be used in any DeFi protocol without having to KYC each time.

On the flip side, protocols may further decentralize; as we’ve seen recently, MakerDAO shut down legal entities and relies solely on the DAO. But while these fully decentralized protocols may remain out of reach of regulators, they could also be divorced from the real economy to an extent.

With these scenarios in mind, the question becomes not how to enforce regulation but what outcome the regulations should be aiming to achieve.

How should DeFi be regulated?

As to what changes should be pushed to protocol level, we now stand at a crossroads.

There is opportunity for the appropriate level of regulation to give DeFi enough breathing space to make a difference: boosting transparency, increasing financial inclusion and enabling credit to 8 billion people that will see the world take a tremendous jump toward prosperity.

Yet there is also potential for overreach that would stifle innovation and growth and have unintended consequences. Unfortunately, we seem to be well down this path already.

What is needed is the realization that DeFi shares many of the same goals as financial regulators: overhauling inflexible processes and delivering wider access, cheaper prices and more stability — all while ensuring these benefits are widely shared with all participants in the market.

For example, access to liquidity has long been a central concern not only for cryptocurrency and blockchain projects, but for financial markets in general. As per the Bank of England’s Run Lola Run speech of 2019, there is evidence that those that are further from liquidity get a worse and worse deal.

DeFi has the potential to create fairer, more transparent and more liquid markets through completely new mechanisms, helping everyone to reduce fraud and front-running, resolving fragmentation and creating markets that are efficient, resilient, fair and equally accessible to all — not just participants that have the right connections.

Defining the right regulation could make or break DeFi, and there are big questions to be answered: How do we establish wallet scores? How do we build in decentralized identifiers (W3C DIDs)? And how can we ensure that any controls don’t work against financial inclusion?

Given such an opportunity to rebuild finance from the ground up, we need to be bold: Set clear objectives and create regulation that smooths the path to get to the new financial world — without simply settling for a faster version of what we have today.